Whitelist based on source IP and URI

Good Morning,

 

I have been asked to restrict access to multiple apps hosted under the same VS, with different access lists for each. I wrote an iRule that uses if/elseif/else blocks, and accesses several different datagroups, but I have been advised that the "switch" command is more economical on the system. Can I get some input on the best way to do this? Most of the examples I have seen use if statements, so I was assuming that was the way to go. If someone can give me an opinion on this iRule, and whether it can be tightened up with the "switch" command I would appreciate it. I have all of the datagroups created, and have ordered the statements in order of which one is the most frequent case.

 

 

when HTTP_REQUEST {

 

if {([matchclass [IP::client_addr] equals $::corporate_whitelist_dg])}{

 

}

 

elseif {([matchclass [HTTP::uri] starts_with "/ProSuiteWeb" ]) and ([matchclass [IP::client_addr] equals $::prosuite_prosuiteweb])}{

 

}

 

elseif {([matchclass [HTTP::uri] starts_with "/RealTimeMatchV1" ]) and ([matchclass [IP::client_addr] equals $::prosuite_realtimematchv1])}{

 

}

 

elseif {([matchclass [HTTP::uri] starts_with "/QuizGraderV1" ]) and ([matchclass [IP::client_addr] equals $::prosuite_quizgraderv1])}{

 

}

 

elseif {([matchclass [HTTP::uri] starts_with "/SprintWeb" ]) and ([matchclass [IP::client_addr] equals $::prosuite_sprintweb])}{

 

}

 

elseif {([matchclass [HTTP::uri] starts_with "/TemplateV1" ]) and ([matchclass [IP::client_addr] equals $::prosuite_templatev1])}{

 

}

 

elseif {([matchclass [HTTP::uri] starts_with "/IdentityManagerV1" ]) and ([matchclass [IP::client_addr] equals $::prosuite_identitymanagerv1])}{

 

}else {

 

discard

 

log local0.info "Blocked-client [IP::remote_addr] requesting: [HTTP::uri]"

 

}

 

}

 

 

 

Thanks in advance.

 

 

Adam