Forum Discussion

Cirrus

Nov 23, 2023

Whitelisting access to URLs based on specific IPs

Dear Community, I have a requrirment to allow access to a specific URI path from few public IPs & all private IPs; remaining public IPs should not be able to access this specific URI path. All other...

MVP

Nov 23, 2023

Hi,

After creating a datagroup for private IP networks and public IPs, you can use iRule or LTM policy.

when HTTP_REQUEST {
	if { [string tolower [HTTP::uri -normalized] equals "/good/evening/happy/life" && not ([class match [IP::client_addr] equals /Common/datagroupname])} {
		drop
		return
	}
}

iRule
Cirrus
Nov 24, 2023
Hello Enes,
Thank you for your replay.
The iRule which you provided takes care of first part of requirement i.e access to specific URI path allowed from four public IPs & all private IPs.
Please inform do I need to add commadns in iRule to adderss remaning requirment; all other URI paths should be accessable by all public & private IPs.
Regards
- Enes_Afsin_Al
  MVP
  Nov 25, 2023
  Hi,
  
  The iRule drops requests except certain IP addresses for the certain url. If there is no match with the if statement, requests will be forwarded to the default pool. iRule does not require any extra code.
  It might be better to use path instead of uri.
  
  when HTTP_REQUEST { if { [string tolower [HTTP::path -normalized] equals "/good/evening/happy/life" && not ([class match [IP::client_addr] equals /Common/datagroupname])} { drop return } }
  
  For the following URL:
  http://www.example.com:8080/main/index.jsp?user=test&login=check
  
  The URI is:
  /main/index.jsp?user=test&login=check
  The path is:
  /main/index.jsp
  The query is:
  user=test&login=check
  - Daniel_Wolf
    MVP
    Nov 25, 2023
    Upvote for explaining URI vs path vs query. The information is out there... but nobody seems to care or to google.