Whitelist IP in F5 based on URL

Question

Hi All,I have a public domain which is exposing several APIs and being accessed by many partners. This state should remain as-is.Now, there is another API which should only be accessed by IPs which are in my whitelist IPs list without any impact to above mentioned API traffic.For example:[1] /path/to/api1 -- &gt; can only be accessed by IP1 , IP2, IP3...[2] other apis --&gt; no restriction&nbsp;

mayur_sutare · Answer

Hi&nbsp;gauravk&nbsp;,
You can try below iRule. Here "Allow-List"&nbsp;is a IP type of DataGroup.
&nbsp;
when HTTP_REQUEST {
if {[HTTP::uri] eq "/path/to/api1"} {
if {![class match [IP::client_address] equals Allow-List]} {
HTTP::respond 403 content "&lt;html&gt;&lt;body&gt;Access not permitted&lt;/body&gt;&lt;/html&gt;" Connection Close
TCP::close
}
}
}

&nbsp;
Hope it helps!

gauravk · Answer

Thanks&nbsp;Mayur_Sutare&nbsp;I will try this solution. May I know what is the difference between client_address and remote_addr. which one should be used ideally to get the client IP in order to be used in IP whitelisting.Regards Gaurav

Forum Discussion

Whitelist IP in F5 based on URL

Recent Discussions

BIG-IP SysLog appearing in ossec.log

MAC address of deleted VS IP address still responsive

Different common name ssl acces 403 forbiddent

TMSH Command to list ASM policies not attached to any virtual servers in all partitions

dynamic signature detection

Related Content

url redirect

iRule based RADIUS Health Monitor Builder

iRule based RADIUS Server Stack

iRule based 'Natural Speech' Expression Language

DDoS IPI List - Whitelist NTP Servers

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS