
Help required to know how to configure irule for below scenario

Karthickkarunak
Nimbostratus

 

When users sourced from IPs (FQDN "outlook.office365.com") hit the 2 URLs below, the traffic should be redirected to pool "abc.yyy.com443"; users sourced from outside that FQDN range hitting these URLs should be dropped or not allowed.

 

https://abc.yyy.com/

https://abc.yyy.com/owa

 

When any user hits the URLs below, the traffic should be redirected to pool "abc.yyy.com443".

 

https://abc.yyy.com/mapi

https://abc.yyy.com/ebc

https://abc.yyy.com/eap

 

Pool: "abc.yyy.com443"

 

This is very urgent; I need help to configure this.

1 REPLY

  1. If you want to allow access to specific source IP addresses/subnets, the most secure way is to do it using IP filter rules/ASM. Alternatively, you can do this with an iRule and a data group. Create an address-based data group (e.g. allowed_IPs) and add the allowed IPs/subnets to it.

 

    when CLIENT_ACCEPTED {
        # Reset the connection unless the client IP is in the allowed_IPs data group
        if { not ( [class match [IP::client_addr] equals allowed_IPs] ) } {
            reject
        }
    }

 

  2. If your URL 'abc.yyy.com' is the same, then you can directly bind pool "abc.yyy.com443" to the VS associated with this URL, so all requests hitting the given URL (irrespective of the URI part) will go to the same pool.

 

Hope it helps you!

 

Mayur
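
An added example, not part of the reply above and not F5's own code: one way to combine the data-group check with per-URL matching, so that only the two restricted URLs from the question require a source in allowed_IPs. It assumes the allowed_IPs data group already holds the permitted source ranges, that the virtual server has HTTP and client SSL profiles so HTTP_REQUEST fires, and that "/owa" should also cover paths beneath it; sending unlisted paths to the pool is likewise an assumption.

```tcl
# Added example. Names allowed_IPs and abc.yyy.com443 come from the thread;
# the path-matching choices below are assumptions, adjust to your needs.
when HTTP_REQUEST {
    # Lowercase the path so /OWA and /owa are treated the same
    set path [string tolower [HTTP::path]]

    switch -glob -- $path {
        "/" -
        "/owa" -
        "/owa/*" {
            # Restricted URLs: only sources listed in allowed_IPs may pass
            if { not [class match [IP::client_addr] equals allowed_IPs] } {
                log local0. "Rejected [IP::client_addr] for $path"
                reject
                return
            }
            pool abc.yyy.com443
        }
        "/mapi*" -
        "/ebc*" -
        "/eap*" {
            # Open URLs: any source is sent to the pool
            pool abc.yyy.com443
        }
        default {
            # Assumption: paths not named in the question also go to the pool
            pool abc.yyy.com443
        }
    }
}
```

Unlike the CLIENT_ACCEPTED version, this check runs per request, so a client outside allowed_IPs can still reach /mapi, /ebc and /eap on the same virtual server.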