I have a requirement where the urls on a website must be accessible from Internal networks only. what is the easiest way to do this without irules?
can I put in an IP address exception for private IPs and set it to 'Never block this IP' and add the URLs to blocklist to achieve this?
15-Jan-2021 06:29 - last edited on 24-Mar-2022 01:26 by li-migration
Thanks for the response. No, we want to allow few URLs externally and all URLs internally.
you can try to set this up :
1 - VS1 /Virtual Server exposed on internal VLAN without URL restrictions
2- VS2 /Virtual Server exposed on external VLAN (with same pool members VS1-) and add the URLs you want blocked in Disallowed URLs List.
15-Jan-2021 06:57 - last edited on 24-Mar-2022 01:26 by li-migration
Sorry for the dumb question as I'm new to F5. Are external and Internal VLANs predefined? Mine is a one-arm deployment.
In one-arm , you cannot build the above configuration because you are only one VLAN/interface.
okay. In that case, can I achieve my requirement with IP address exception set to 'never block ' on Internal IPs and add the URLs to blocklist?
Yes, you can do it in this way. Just define all URLs , which should be available externally as allowed and set "Never Block" for internal IP. Just pay attention, that "Never Block" means don't block any violation from that IP.