Kevhed
Jun 05, 2017

irule allowing access from multiple subnets

Hi group,

 

I'm using the iRule below to block access to a file called "sales_new" for everyone except if you're coming from 10.0.0.0/8. This iRule is working perfectly. But now I need to add the 172.16.0.0/12 subnet to the iRule, so I would be allowing access from 10.0.0.0/8 and 172.16.0.0/12. I'm having trouble adding the other 172.16.0.0 subnet to the iRule. Since I'm not the best iRule coder yet, any suggestions? Thanks in advance.

 

    when HTTP_REQUEST {
        log local0. "Client IP: [IP::client_addr]"
        log local0. "URI: [HTTP::uri]"
        # Reject requests for /Sales_New unless the client is in 10.0.0.0/8
        if { ([HTTP::uri] contains "/Sales_New" ) and not ( [IP::addr "10.0.0.0 mask 255.0.0.0" equals [IP::client_addr]] ) } {
            log local0. "dropped"
            reject
        }
    }

 

1 Reply

  • Hi,

     

    Just change it to, probably not the best code around but should work:

     

    when HTTP_REQUEST {
        log local0. "Client IP: [IP::client_addr]"
        log local0. "URI: [HTTP::uri]"
        if { ([HTTP::uri] contains "/Sales_New" ) and not ( [IP::addr "10.0.0.0 mask 255.0.0.0" equals [IP::client_addr]] or [IP::addr "172.16.0.0 mask 255.240.0.0" equals [IP::client_addr]]) } {
            log local0. "dropped"
            reject
        }
    }
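
Added example, not part of the original thread or either poster's code: the same restriction with the allowed subnets held in an address-type data group, so further networks can be added without editing the iRule. The data group name `sales_new_allowed_nets` is hypothetical and is assumed to already exist on the BIG-IP containing 10.0.0.0/8 and 172.16.0.0/12; lower-casing the path is an added hardening step that assumes the backend treats paths case-insensitively.

```tcl
# Added example. Assumes an address-type data group named
# sales_new_allowed_nets (hypothetical name) has been created on the
# BIG-IP with the records 10.0.0.0/8 and 172.16.0.0/12.
when HTTP_REQUEST {
    # Compare against a lower-cased path so the restriction applies
    # whatever letter case the client uses in the request.
    # Assumption: the backend serves /Sales_New and /sales_new alike.
    set path [string tolower [HTTP::path]]

    if { $path contains "/sales_new" } {
        # class match tests the client address against every subnet
        # in the data group; no match means the client is not allowed.
        if { not [class match [IP::client_addr] equals sales_new_allowed_nets] } {
            log local0. "dropped [IP::client_addr] requesting [HTTP::uri]"
            reject
        }
    }
}
```

Requests for other paths pass through untouched, and only rejected requests are logged, which keeps the log volume down compared with logging every request.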