iRule for IP Whitelist on specific URL
I have a service that I am migrating to F5 BIG IP. It previously used IIS IP Address Restriction to control access to a particular URL. Can anyone recommend an iRule that will allow me to do the same. So for example only Clients from IPs in my whitelist are able to access mywebsite.com/private whilst allowing all other pages to go through.
Sure an iRule for that isn't hard. The question is how will you get the whitelist on the BIGIP. If you use data groups you can update a whitelist directly in the GUI, but is that an interface you want to use for this. You can also use external data groups which are a file on the BIG-IP. This can be pushed/pulled from other sources and then loaded on the BIG-IP. If you have privatewhitelist address data group defined on the BIG-IP this would do the job.
when HTTP_REQUEST { if {[HTTP::uri] eq "/private"} { if {![class match [IP::client_address] equals privatelwhitelist]} { HTTP::respond 403 content "<html><body>Access not permitted</body></html>" Connection Close TCP::close } } }