Block sites but allow access to specific IP'S

Question

Hi All&nbsp;I am trying to setup IRule to block website to all ip's except my offices IPI created the IRule but for some reason it's blocking also the office IP'Sanyone have Idea why it's happen?the test_allow_IP is a data group i created with all the offices IP.&nbsp;when HTTP_REQUEST {&nbsp;set low_host [string tolower [HTTP::host]]if {(( $low_host starts_with "www.example.com.au" ) || ( $low_host starts_with "example.com.au" ) ) &amp;&amp; ( not [class match [IP::client_addr] equals test_allow_IP] )} {HTTP::respond 404 content "Blocked by irule" log local0. "$low_host traffic has come from blocked subnet"}&nbsp;

iaine · Answer

Hi&nbsp;Your code looks ok.  What does your data group look like?If you change your log line slightly so that it includes the client ip, can you see it getting caught in your data group subnets?&nbsp;log local0. "$low_host traffic has come from blocked subnet - [IP::client_addr]"

ragunath154 · Answer

i think you need one more conditionwhen HTTP_REQUEST {&nbsp;set low_host [string tolower [HTTP::host]]if {(( $low_host starts_with "www.example.com.au" ) || ( $low_host starts_with "example.com.au" ) ) &amp;&amp; ( not [class match [IP::client_addr] equals test_allow_IP] )} {HTTP::respond 404 content "Blocked by irule" log local0. "$low_host traffic has come from blocked subnet"}else {return}}

Forum Discussion

Block sites but allow access to specific IP'S

2 Replies

Recent Discussions

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

About custome Response Blocking Page

About IPI check ip list

Cookie Violation - Expired TimeStamp.

CGNAT with DS-lite and LSN

Related Content

Zero Trust building blocks - F5 BIG-IP Access Policy Manager (APM) and PingIdentity

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

Post of the Week: Blocking a Specific URI

Block traffic

domain blocking