Whitelist IP in F5 based on URL

Question

Hi All,I have a public domain which is exposing several APIs and being accessed by many partners. This state should remain as-is.Now, there is another API which should only be accessed by IPs which are in my whitelist IPs list without any impact to above mentioned API traffic.For example:[1] /path/to/api1 -- &gt; can only be accessed by IP1 , IP2, IP3...[2] other apis --&gt; no restriction&nbsp;

mayur_sutare · Answer

Hi&nbsp;gauravk&nbsp;,
You can try below iRule. Here "Allow-List"&nbsp;is a IP type of DataGroup.
&nbsp;
when HTTP_REQUEST {
if {[HTTP::uri] eq "/path/to/api1"} {
if {![class match [IP::client_address] equals Allow-List]} {
HTTP::respond 403 content "&lt;html&gt;&lt;body&gt;Access not permitted&lt;/body&gt;&lt;/html&gt;" Connection Close
TCP::close
}
}
}

&nbsp;
Hope it helps!

gauravk · Answer

Thanks&nbsp;Mayur_Sutare&nbsp;I will try this solution. May I know what is the difference between client_address and remote_addr. which one should be used ideally to get the client IP in order to be used in IP whitelisting.Regards Gaurav

Forum Discussion

Whitelist IP in F5 based on URL

2 Replies

Recent Discussions

no available managed rule groups for Israel il-central-1

[ASM] - what is "Browser Challange file" ?

Rewrite uri translation not working

About shun list for L7 DDoS?

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

Related Content

URL based redirection

Whitelisting access to URLs based on specific IPs

ASM block all whitelisted urls and parameters in standby device

Whitelist certain inbound IPs

iRule based RADIUS Client Stack