SXG12_131783
Dec 07, 2018 Nimbostratus
Allow a specific resource's access based on source IP addresses
Hello, I have a need to create an iRule for a URL with 2 endpoints.
endpoint1 = myCertCN/path1
endpoint2 = myCertCN/path2
I need to:
- expose endpoint1 to all IPs,
- expose endpoint2 to 3 IP sets (10.10.10.10, 11.11.11.56/29, 12.12.12.208/29)
Is the syntax below correct?
when HTTP_REQUEST {
    set httpUri [HTTP::uri]
    set clientIp [class match -value [IP::client_addr] equals allowed_ip_addresses]
    if { $httpUri starts_with "/path2" && $clientIp not equals "10.10.10.10" } {
        drop
    } else if { $httpUri starts_with "/path2" && $clientIp not equals "11.11.11.56/29" } {
        drop
    } else if { $httpUri starts_with "/path2" && $clientIp not equals "12.12.12.208/29" } {
        drop
    } else {
        pool
    }
}
In the above example, pool points to the ip:port of myCertCN.
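
One way to express the rule described in the post, as an added example that is not the poster's code: a single membership test against an address-type data group replaces the chained per-address comparisons. It assumes `allowed_ip_addresses` (the name used in the post) is an address data group holding the three entries, and `myCertCN_pool` is a hypothetical pool name.

```tcl
# Added example, not the poster's code.
# Assumption: allowed_ip_addresses is an address-type data group, e.g. in bigip.conf:
#
#   ltm data-group internal allowed_ip_addresses {
#       records {
#           10.10.10.10/32 { }
#           11.11.11.56/29 { }
#           12.12.12.208/29 { }
#       }
#       type ip
#   }
#
# Assumption: myCertCN_pool is a hypothetical name for the pool in front of myCertCN.
when HTTP_REQUEST {
    # Decode and lower-case the path so encoded or mixed-case forms of /path2
    # are evaluated by the same check as the literal path.
    set path [string tolower [URI::decode [HTTP::path]]]

    if { $path starts_with "/path2" } {
        # class match compares the client address against every host and CIDR
        # entry in the data group, so one test covers all three IP sets.
        if { ![class match [IP::client_addr] equals allowed_ip_addresses] } {
            log local0. "Denied [IP::client_addr] for restricted path on [HTTP::host]"
            drop
            return
        }
    }

    # /path1 from any source, and /path2 from an allowed source, reach the pool.
    pool myCertCN_pool
}
```

`IP::client_addr` is the source address of the TCP connection, so if a proxy or SNAT sits in front of the virtual server, the data group has to list the addresses the BIG-IP actually sees.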