Forum Discussion

Nimbostratus

Sep 11, 2018

iRule to block access to folders within IIS

Hi I have an issue with an iRule working in a Virtual LAB environment but when applied to the live environment it behaves differently. The difference between the Virtual LAB and the live is the I...

application delivery

iRules

Lee_Sutcliffe

Nacreous

Sep 12, 2018

You could do this more simply using datagroups. Define your folders in one datagroup 'folder_dg' and your internal ip addresses in another 'internal_ips'

The iRule will check if the URI contains anything in the datagroup 'folder_dg', if the IP is not internal (not in the internal_ip) datagroup. The connection will be rejected. You do not need to define the NAT IPs as you want to block all other IPs anyway

For example:

ltm data-group internal folder_dg {
    records {
        _vti_bin {}
        _layouts {}
        _windows {}
    }
    type string
}

ltm data-group internal internal_ips {
    records {
        10.10.200.0/24 {}
        10.10.201.0/24 {}
    }
    type ip
}

when HTTP_REQUEST {
    if {[class match [HTTP::uri] contains folder_dg]} {
        if {!([class match [IP::addr [IP::client_addr]] equals internal_ips])} {
            reject
        }
    }
}

Forum Discussion

iRule to block access to folders within IIS

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

Perl Management Folder

iControl 101 - #24 - Folders

API Security: How to implement API Access Control with F5

F5 BIG-IP Access Policy Manager (APM) Machine Tunnels for Windows