Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Whitelist IP in F5 based on URL

gauravk
Nimbostratus
Nimbostratus

‎27-Jun-2022 03:28

Hi All,

I have a public domain which is exposing several APIs and being accessed by many partners. This state should remain as-is.

Now, there is another API which should only be accessed by IPs which are in my whitelist IPs list without any impact to above mentioned API traffic.

For example:

[1] /path/to/api1 -- > can only be accessed by IP1 , IP2, IP3...

[2] other apis --> no restriction

 

Labels:
0 Kudos
2 REPLIES 2

Mayur_Sutare
MVP
MVP

‎27-Jun-2022 20:22

Hi @gauravk ,

You can try below iRule. Here "Allow-List" is a IP type of DataGroup.

 

when HTTP_REQUEST {
if {[HTTP::uri] eq "/path/to/api1"} {
if {![class match [IP::client_address] equals Allow-List]} {
HTTP::respond 403 content "<html><body>Access not permitted</body></html>" Connection Close
TCP::close
}
}
}

 

Hope it helps!

0 Kudos

gauravk
Nimbostratus
Nimbostratus
In response to Mayur_Sutare

‎28-Jun-2022 18:41

Thanks @Mayur_Sutare 

I will try this solution. May I know what is the difference between client_address and remote_addr. which one should be used ideally to get the client IP in order to be used in IP whitelisting.

Regards Gaurav

0 Kudos
Copyright © 2023 Khoros, LLC