For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

gauravk's avatar
gauravk
Icon for Nimbostratus rankNimbostratus
Jun 27, 2022

Whitelist IP in F5 based on URL

Hi All, I have a public domain which is exposing several APIs and being accessed by many partners. This state should remain as-is. Now, there is another API which should only be accessed by IPs whi...
security
Mayur_Sutare's avatar
Mayur_Sutare
Icon for MVP rankMVP
Jun 28, 2022

Hi gauravk ,

You can try below iRule. Here "Allow-List" is a IP type of DataGroup.

 

when HTTP_REQUEST {
if {[HTTP::uri] eq "/path/to/api1"} {
if {![class match [IP::client_address] equals Allow-List]} {
HTTP::respond 403 content "<html><body>Access not permitted</body></html>" Connection Close
TCP::close
}
}
}

 

Hope it helps!

  • gauravk's avatar
    gauravk
    Icon for Nimbostratus rankNimbostratus
    Jun 29, 2022

    Thanks Mayur_Sutare 

    I will try this solution. May I know what is the difference between client_address and remote_addr. which one should be used ideally to get the client IP in order to be used in IP whitelisting.

    Regards Gaurav