cancel
Showing results for 
Search instead for 
Did you mean: 

Setup F5 big-ip irules to allow source ip to specific uri only and drop other access

doi_dsat
Nimbostratus
Nimbostratus

I would like to know how to setup a irule to meet below requirement:

  1. if source ip equal to '1.2.3.4'
  2. allow access to "https://abc/def" only (abc is virtual server, def is data group mapping content on virtual server)
  3. and block other access, not allow to access to "https://abc/XXX" (XXX for others mappings)

 

thank you.

1 REPLY 1

Hello Doi.

 

Try this ->

when HTTP_REQUEST { # reject user if source IP is not 1.2.3.4 and first path value is not included in DATAGROUP if { ([class match [getfield [string tolower [HTTP::path]] "/" 0] neq DATAGROUP]) || ([IP::addr [IP::client_addr] neq 1.2.3.4]) } { reject } }

Regards,

Dario.

Regards,
Dario.