Forum Discussion

veredgf's avatar
veredgf
Icon for Nimbostratus rankNimbostratus
Feb 04, 2020

limit IP access to certain URIs

Hi,

 

I am looking for help creating an IRULE for the following conditions:

 

  1. Allow access to two URIs within the policy to a specific group of IPs.
  2. Disallow access to these URIs to all other IPs.

 

I tried creating a traffic policy for this but was unsuccessful.

 

Thanks

 

Vered

access
ASM Advanced WAF
ip
iRules
limit
security
uri

4 Replies

Sort By
  • Simon_Blakely's avatar
    Simon_Blakely
    Icon for Employee rankEmployee
    Feb 04, 2020

    Well, a Local Traffic Policy is the most appropriate (and easiest) way to achieve this.

     

    You need a first-match policy that has three rules

     

    the top rule checks for both the allowed IP addresses and the restricted URIs, and forwards the traffic to the pool

    the next rule (above the final default rule) checks for the restricted URIs, and redirects the request back to an allowed URI or a suitable "access denied" page

    the final rule is a default rule that passes all traffic requests to the pool

     

     

    • veredgf's avatar
      veredgf
      Icon for Nimbostratus rankNimbostratus
      Feb 05, 2020

      Thanks - I kept getting tangled with ASM in my traffic rule. I will set this one up.

       

      Vered

      • Simon_Blakely's avatar
        Simon_Blakely
        Icon for Employee rankEmployee
        Feb 05, 2020

        OK - you will want to enable the ASM policy on the default and the top rule that pass traffic to the pool members. The rule that redirects non-valid users from the restricted URIs does not need ASM inspection.

  • neeeewbie's avatar
    neeeewbie
    Icon for MVP rankMVP
    Feb 06, 2020

    first of all you have to check uri using data group, I thnk you would rather using if and then check source ip using if

     

    example)

    • if { [check url]

    if{ [check source] }