Forum Discussion
iRule for IP Whitelist on specific URL
I have a service that I am migrating to F5 BIG IP. It previously used IIS IP Address Restriction to control access to a particular URL. Can anyone recommend an iRule that will allow me to do the same. So for example only Clients from IPs in my whitelist are able to access mywebsite.com/private whilst allowing all other pages to go through.
HI
No no special licenses needed for HA features,the command to check license in tmos
"show /sys license"
3 Replies
Sure an iRule for that isn't hard. The question is how will you get the whitelist on the BIGIP. If you use data groups you can update a whitelist directly in the GUI, but is that an interface you want to use for this. You can also use external data groups which are a file on the BIG-IP. This can be pushed/pulled from other sources and then loaded on the BIG-IP. If you have privatewhitelist address data group defined on the BIG-IP this would do the job.
when HTTP_REQUEST { if {[HTTP::uri] eq "/private"} { if {![class match [IP::client_address] equals privatelwhitelist]} { HTTP::respond 403 content "<html><body>Access not permitted</body></html>" Connection Close TCP::close } } }
Hi Kevin,
Thanks for this. An internal data group for this would be fine as the list is going to be fairly static. I have defined my Data Group but I'm getting an error on the iRule as follows.
01070151:3: [undefined procedure: IP::client_address][IP::client_address]
Any ideas what I did wrong here? It looks like my data group has not been recognised by the irule
Kevins solution works. My issue was a typo [IP::client_address] should be [IP::client_addr]
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com