Restrict Access to a URL with an iRule

Dan44
Altostratus

Hi all,

I have a web server and would like to restrict access to the server. Access should only work if the request contains "/spa" or the IP matches the IPs in the data group. Unfortunately the iRule doesn't work. I am always getting an HTTP 403. Does someone see an error in the iRule or have some experience with restricting access by IP and URL path?

when HTTP_REQUEST {
    if { [string tolower [HTTP::uri]] contains "/spa" or [class match [IP::client_addr] equals allowIP] } {
        pool web-server001
    } else {
        HTTP::respond 403
    }
}

THX!

4 REPLIES

JG
Cumulonimbus

You might want to put in some logging to help troubleshooting, e.g.

log local0. "[HTTP::uri] ; [IP::client_addr]"

in the conditional to see where the incoming request gets.

Also, you should enable OneConnect if you have not done so.

Dan44
Altostratus

Hi,

I have enabled the logging. With the help of the logs we found out that the "client_addr" was always the interface IP of the firewall. The problem was on the firewall (NAT enabled). After disabling NAT on the FW the rule worked.
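
The logging suggested above, placed so that each request's log line shows which half of the condition decided it (an added example, not code from any poster in this thread). It reuses the pool web-server001 and the data group allowIP from the original iRule; the variable names are assumptions.

```tcl
when HTTP_REQUEST {
    # IP::client_addr is the source address of the connection as the BIG-IP
    # receives it. If a firewall in front applies source NAT, this is the
    # firewall's interface IP for every request, so the data group lookup
    # is done against that address and not the original client's.
    set src [IP::client_addr]
    set uri [string tolower [HTTP::uri]]

    # Evaluate the two conditions separately so the log shows which one
    # (if any) allowed the request.
    set path_ok [expr { $uri contains "/spa" }]
    set ip_ok   [class match $src equals allowIP]

    # Troubleshooting output, written to /var/log/ltm on the BIG-IP.
    log local0. "uri=$uri src=$src path_ok=$path_ok ip_ok=$ip_ok"

    if { $path_ok or $ip_ok } {
        pool web-server001
    } else {
        HTTP::respond 403
    }
}
```

If src is the same address for every client, the address translation is happening upstream of the BIG-IP and the data group will never see real client IPs. Remove the log line once the cause is found, since it writes one entry per request.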

JG
Cumulonimbus

Good to hear you have got the problem sorted.

Kai_Nguyen
Nimbostratus

Hi Dan, so is this iRule working for a web server behind a DMZ? Do you mind explaining the NAT-enabled part on the FW? Do you have to modify the iRule at the end?

 

Thanks

Kai