cancel
Showing results for 
Search instead for 
Did you mean: 

Whitelist IP in F5 based on URL

gauravk
Nimbostratus
Nimbostratus

Hi All,

I have a public domain which is exposing several APIs and being accessed by many partners. This state should remain as-is.

Now, there is another API which should only be accessed by IPs which are in my whitelist IPs list without any impact to above mentioned API traffic.

For example:

[1] /path/to/api1 -- > can only be accessed by IP1 , IP2, IP3...

[2] other apis --> no restriction

 

2 REPLIES 2

Hi @gauravk ,

You can try below iRule. Here "Allow-List" is a IP type of DataGroup.

 

when HTTP_REQUEST {
if {[HTTP::uri] eq "/path/to/api1"} {
if {![class match [IP::client_address] equals Allow-List]} {
HTTP::respond 403 content "<html><body>Access not permitted</body></html>" Connection Close
TCP::close
}
}
}

 

Hope it helps!

Thanks @Mayur_Sutare 

I will try this solution. May I know what is the difference between client_address and remote_addr. which one should be used ideally to get the client IP in order to be used in IP whitelisting.

Regards Gaurav