15-Jan-2021 06:16
I have a requirement where the urls on a website must be accessible from Internal networks only. what is the easiest way to do this without irules?
can I put in an IP address exception for private IPs and set it to 'Never block this IP' and add the URLs to blocklist to achieve this?
Please advise.
15-Jan-2021 06:27
Hi Sarath413,
Does this concern all URLs ? if it is that configure the Virtual Server on internal VLAN only.
15-Jan-2021 06:29 - last edited on 24-Mar-2022 01:26 by li-migration
Thanks for the response. No, we want to allow few URLs externally and all URLs internally.
15-Jan-2021 06:52
you can try to set this up :
1 - VS1 /Virtual Server exposed on internal VLAN without URL restrictions
2- VS2 /Virtual Server exposed on external VLAN (with same pool members VS1-) and add the URLs you want blocked in Disallowed URLs List.
15-Jan-2021 06:57 - last edited on 24-Mar-2022 01:26 by li-migration
Sorry for the dumb question as I'm new to F5. Are external and Internal VLANs predefined? Mine is a one-arm deployment.
15-Jan-2021 07:00
In one-arm , you cannot build the above configuration because you are only one VLAN/interface.
15-Jan-2021 07:12
okay. In that case, can I achieve my requirement with IP address exception set to 'never block ' on Internal IPs and add the URLs to blocklist?
23-Feb-2021 11:04
Yes, you can do it in this way. Just define all URLs , which should be available externally as allowed and set "Never Block" for internal IP. Just pay attention, that "Never Block" means don't block any violation from that IP.
