Forum Discussion

chris-gwin-nm_2's avatar
chris-gwin-nm_2
Icon for Nimbostratus rankNimbostratus
Dec 09, 2015

irule question - restricted url wild card

I want to be able to create an irule that allows only certain ip addresses to a url, and every other ip gets re-directed to the home page. I have a rule that works the way I want it to, however, the ...
BIG-IP
iRules
security
Kai_Wilke's avatar
Kai_Wilke
Icon for MVP rankMVP
Dec 10, 2015

Hi Chris,

 

  • the "contains" operator is acutally a "/web/verificationService" wildcard.
  • the "starts_with" operator is acutally a "/web/verificationService*" wildcard.
  • the "ends_with" operator is acutally a "*/web/verificationService" wildcard.
  • the "equals" operator doesn't include any wildcards.

So you may want to change your code to use the "starts_with" operator to optimize accuracy and also performance.

 

when HTTP_REQUEST {
    Base URL for filter
    set restricted_url "/web/verificationService"
    set redirected_url "/web"
    Get the source IP.
    set source_IP [IP::remote_addr]
    If the request includes the restricted_url...
    if { ([HTTP::uri] starts_with "$restricted_url") } {
         Compare the the source IP against a list of internal IP addresses.
        if { [IP::addr $source_IP equals 10.57.32.0/255.255.255.0] or
             [IP::addr $source_IP equals 10.62.62.18/255.255.255.255] or 
             [IP::addr $source_IP equals 10.57.30.0/255.255.255.0] } {
             The source IP is internal.  Allow the request.
            log local0. "Access to $restricted_url allowed.  Source IP: $source_IP"
        } else {
             The source IP is not internal.  Redirect the request.
            log local0. "Access to $restricted_url redirected.  Source IP: $source_IP"
            HTTP::redirect "https://[getfield [HTTP::host] ":" 1]$redirected_url"
        }
    }
}

Cheers, Kai