
Allow access to 2 wildcard URIs from internet and allow all URIs from internal organization network

iRule

Dear Community,

I received a requirement from the application gateway team that they need to expose only two URIs to internet consumers, and all URIs should be accessible to internal organization users.

Wildcard URIs Allowed from Internet

xyz.com/abc/asdf/morning/* 

xyz.com/abc/asdf/evening/*

All URIs allowed from internal organization private IPs

xyz.com/*

Please inform me how I can accomplish this from an ASM policy.

1 REPLY

Hi,

It's easier to do with iRule or LTM policy.

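# Restrict clients outside the /Common/private_net data group to two URI prefixes.
when HTTP_REQUEST {
	# Only requests whose source address is not in the data group are filtered.
	if { not ([class match [IP::client_addr] equals /Common/private_net]) } {
		switch -glob [HTTP::uri] {
			"/abc/asdf/morning/*" -
			"/abc/asdf/evening/*" {
				return
			}
			default {
				# Any other URI from an external client: drop the connection silently.
				drop
				return
			}
		}
	}
}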

If you want to do it with WAF, you need two WAF policies: one for the internal network, the other for the external network. And you need to set these policies with an LTM policy or iRule.


In the external WAF policy, you should add the allowed URLs and remove the wildcard URL in the Allowed URLs list.


Illegal URL violation values must be enabled in Learning and Blocking Settings.

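A stricter variant of the iRule in the reply above, added here as an example and not part of the original reply: it matches on the normalized path rather than the raw URI, logs refused requests, and answers with a 403 instead of dropping. It assumes the `/Common/private_net` data group from the reply and a TMOS version that supports the `-normalized` option of `HTTP::path`; the log format and response body are illustrative.

```tcl
# Added example (not the reply author's code).
# Assumptions: /Common/private_net is the address data group used in the reply;
# HTTP::path -normalized is available on the running TMOS version.
when HTTP_REQUEST {
    # Internal clients are not restricted. IP::client_addr is the TCP source
    # address, so if a proxy or NAT device sits in front of the virtual server
    # this check sees that device's address, not the end user's.
    if { [class match [IP::client_addr] equals /Common/private_net] } {
        return
    }

    # Compare the path in the canonical form BIG-IP computes, without the
    # query string, so equivalent spellings of a path are judged the same way.
    set path [HTTP::path -normalized]

    # "--" ends option parsing so a value starting with "-" is never read as a flag.
    switch -glob -- $path {
        "/abc/asdf/morning/*" -
        "/abc/asdf/evening/*" {
            return
        }
        default {
            # Leave an audit trail for refused external requests.
            log local0.notice "external request refused: [IP::client_addr] [HTTP::host] $path"
            # Explicit refusal; replace with "drop" to keep the silent behaviour.
            HTTP::respond 403 content "Forbidden" "Content-Type" "text/plain" "Connection" "close"
            return
        }
    }
}
```

The refusal log lines give operations a way to confirm that only the two published prefixes are reachable from outside once the rule is attached to the virtual server.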