Forum Discussion

Alan_B__139698's avatar
Alan_B__139698
Icon for Altostratus rankAltostratus
Nov 06, 2018

iRule help to restrict access to particular URI on vserver

I've been asked to restrict access to a site's "/admin" page to only the networks/IPs used by support techs. I was thinking a redirect to the primary site ("mysite.com" for the example) for such traffic would work fine, using an irule to do it.

 

Basically... When an HTTPS request containing "mysite.com/admin" comes in, and it's NOT coming from 175.100.50.0 OR 200.20.10.18 (example IPs, btw), then redirect to ";

 

Can any of the iRule senseis help me?

 

Thanks!

 

2 Replies

  • Hey Alan,

    Try this, make sure you create a Datagroup of admin_ips and add your require subnets in there, you can change the operator "starts_with" to something else (equals/contains) to match your requirements in future.

    when HTTP_REQUEST {
        if { [HTTP::uri] starts_with "/admin" and (![class match [IP::remote_addr] equals admin_ips]) } { 
            HTTP::redirect "https://mysite.com"
        }   
    }
    
  • Snl's avatar
    Snl
    Icon for Cirrostratus rankCirrostratus

    ensure to add stringtolower to avoid case sensitive bypass

    when HTTP_REQUEST {
        if { [string tolower [HTTP::uri] starts_with "/admin" and (![class match [IP::remote_addr] equals admin_ips]) } { 
            HTTP::redirect "https://mysite.com"
        }   
    }