Forum Discussion
Lee_Sutcliffe
Sep 12, 2018
Nacreous
You could do this more simply using datagroups. Define your folders in one datagroup, 'folder_dg', and your internal IP addresses in another, 'internal_ips'.
The iRule will check if the URI contains anything in the datagroup 'folder_dg'. If the IP is not internal (not in the 'internal_ips' datagroup), the connection will be rejected. You do not need to define the NAT IPs, as you want to block all other IPs anyway.
For example:
ltm data-group internal folder_dg {
    records {
        _vti_bin {}
        _layouts {}
        _windows {}
    }
    type string
}
ltm data-group internal internal_ips {
    records {
        10.10.200.0/24 {}
        10.10.201.0/24 {}
    }
    type ip
}
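when HTTP_REQUEST {
    # Does the requested URI contain one of the protected folder names?
    if { [class match [HTTP::uri] contains folder_dg] } {
        # Reject unless the client address falls inside an internal subnet
        if { ![class match [IP::client_addr] equals internal_ips] } {
            reject
        }
    }
}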
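The following is an added example, not part of the original post and not F5 code: a small Python model of the rule's decision logic that can be used as a regression table before the iRule is deployed. The data-group values are copied from the post; the sample requests, the function names and the `normalize` option (lower-casing the URI before matching, which in an iRule would be `string tolower`) are assumptions made for illustration.

```python
import ipaddress

# Data groups copied from the post above.
FOLDER_DG = ("_vti_bin", "_layouts", "_windows")
INTERNAL_IPS = tuple(
    ipaddress.ip_network(n) for n in ("10.10.200.0/24", "10.10.201.0/24")
)


def is_internal(client_addr):
    """Model of: class match [IP::client_addr] equals internal_ips."""
    addr = ipaddress.ip_address(client_addr)
    return any(addr in net for net in INTERNAL_IPS)


def uri_is_protected(uri, normalize=False):
    """Model of: class match [HTTP::uri] contains folder_dg.

    String data-group matching is case-sensitive and HTTP::uri includes
    the query string. normalize=True (an assumption, not in the post)
    lower-cases the URI first.
    """
    if normalize:
        uri = uri.lower()
    return any(folder in uri for folder in FOLDER_DG)


def decide(client_addr, uri, normalize=False):
    """Return 'reject' or 'allow' exactly as the nested ifs would."""
    if uri_is_protected(uri, normalize) and not is_internal(client_addr):
        return "reject"
    return "allow"


# Constructed sample requests; 203.0.113.0/24 is a documentation range.
SAMPLES = [
    ("10.10.200.15", "/_layouts/settings.aspx"),   # internal client
    ("203.0.113.7", "/_layouts/settings.aspx"),    # external client
    ("203.0.113.7", "/sites/home/default.aspx"),   # unprotected path
    ("10.10.202.1", "/_vti_bin/lists.asmx"),       # just outside both /24s
    ("203.0.113.7", "/_Layouts/settings.aspx"),    # mixed-case folder name
    ("203.0.113.7", "/search.aspx?ref=_layouts"),  # name only in the query
]


def run_samples(normalize=False):
    return [decide(ip, uri, normalize) for ip, uri in SAMPLES]


if __name__ == "__main__":
    for (ip, uri), as_posted, lowered in zip(SAMPLES, run_samples(), run_samples(True)):
        print(f"{ip:<14} {uri:<28} as-posted={as_posted:<6} lowercased={lowered}")
```

The two columns differ only on the mixed-case row, which is the case to check against how the back-end server treats path case.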