Forum Discussion

Nimbostratus

Mar 05, 2012

Restriction of access to URI by IP

So I'm needing to restrict access to 4 URIs by IP Address. I have created the following iRule and Datagroup. At this time, it works for the first URI in the list, but returns a 404 error for the rest ...

Cirrostratus

Mar 05, 2012

Hi Joe,

Are you sure about the 404? The iRule should either send a 403 or send the request to the VS default pool. I don't see how LTM could cause a 404 here either by rewriting the request or selecting the wrong pool.

Though you are missing a space between matchclass and the client IP in the last three switch cases. That should cause a runtime TCL error and TCP reset being sent to the client.

Also, you could combine the four URIs into one switch action like this:

when HTTP_REQUEST {
    switch -glob [string tolower [HTTP::path]] {
        "/grda*" -
        "/grsupport*" -
        "/grreg*" -
        "/grrt*" {
            if {not [matchclass [IP::client_addr] equals grs_access]}{
                HTTP::respond 403 content {Blocked!}
            }
        }
    }
}

Aaron

Forum Discussion

Restriction of access to URI by IP

Recent Discussions

GTM Packet Capture command

How to Implement 2 Way SSL in F5 LTM

BWC iRule

Citrix XenServer Big-IP Upgrade help

BIG-IP DNS iRule issue with static variable

Related Content

Irule for restricting access

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

Office 365 Tenant Restrictions

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

Restricting access to a virtual server by Public IP address should access through only domain name.