Forum Discussion

Gerald_Meese's avatar
Aug 14, 2018

iRule to restrict access on combinations of URI's / source addresses

Hello !

 

I've problems to write an iRule that would allow access only to :

 

  • URI starting with /uri1/... only from datagroup1
  • URI starting with /uir2/... only from datagroup2

All other connections would end up with a 403 Forbidden.

 

I tried different positive/negative combinations but none of them work... Thanks a lot for your help !

 

Gerald

 

1 Reply

  • Please try the below, I assume the datagroups you referred are the IP type.

    Assume you have 2 datagroups where the whitelisted IP's are present.

    • If Users coming from datagroup1 send requests starting with URI "/uri1/" it will allow.
    • If Users coming from datagroup2 send requests starting with URI "/uri2/" it will allow.

    Below are the referenced datagroups that were called in the Irule.

    ltm data-group internal datagroup1 {
        records {
            20.20.20.20/32 { }
        }
        type ip
    }
    ltm data-group internal datagroup2 {
        records {
            10.10.10.12/32 { }
        }
        type ip
    }
    

    Irule:

    ltm rule test-jai-uri {
        when HTTP_REQUEST {
        if {([class match -- [IP::client_addr] equals datagroup1] && [HTTP::uri] starts_with "/uri1/") || ([class match -- [IP::client_addr] equals datagroup2] && [HTTP::uri] starts_with "/uri2/")}{
        log local0. "Success log"
        HTTP::respond 200 content {200 SUCCESS}
        } else {
        log local0. "Failure log"
        HTTP::respond 403 content {403 Unauthorized}
        }
        }
        }
    

    A tip: you can test any case scenario by just using simple logging and http respond options to know if your irule is working or not. I tested in my env and it works.