Restrict access by uri and ip
Hi everyone i'm new to the F5 community and i'm having troubles with an iRule.
I need to be abble to restrict the access of many uri based on multiple ip addresses who may vary between each uri. I would like to have the most clear and short iRule possible in order to be able to modify it later with ease. (I'm in V10.2.4)
I came up with that iRule and it works but i would like to replace the if-elseif statements with a switch for more clarity :
when HTTP_REQUEST {
switch -glob [HTTP::uri] {
"/error*" {
if { [class match [IP::client_addr] equals ipgrouptest] } {
if the client IP match the ipgrouptest class we do nothing
}
elseif { [class match [IP::client_addr] equals ipgrouptest2] } {
if the client IP match the ipgrouptest2 class we do nothing
}
else { HTTP::respond 403 }
}
"/example*" {
if { [class match [IP::client_addr] equals ipgrouptest] } {
if the client IP match the ipgrouptest class we do nothing
}
elseif { [class match [IP::client_addr] equals ipgrouptest3] } {
if the client IP match the ipgrouptest3 class we do nothing
}
else { HTTP::respond 403 }
}
}
}
Despite trying a lot of stuff I can't make it work like I want it to. If someone have an idea or a solution for my problem it would be really nice !
Thanks in advance and sorry if i'm not clear enough, english is not my mother tongue.