Forum Discussion

Afroz_Ahmad_114's avatar
Afroz_Ahmad_114
Icon for Nimbostratus rankNimbostratus
Apr 26, 2014

Block Website URI for certain users

Hello Experts,

 

We want to block a particular website URI for external users and allow for internal users. It is https based website and SSL offload is happening on F5 LTM , help is much appreciated.

 

Below are the details:- Block https://xxx.com/rrr_i for internet users and ensure that it is accessible to internal users.

 

https://xxx.com/rrr_i (Internal, should not be visible for public internet)

 

https://xxx.com/rrr_e (external, to be visible for public internet)

 

application delivery
devops
iRules
LTM
performance

6 Replies

Sort By
  • Patrik_Jonsson's avatar
    Patrik_Jonsson
    Icon for MVP rankMVP
    Apr 26, 2014

    Hi!

    I'd probably create a data group list with the internal networks of the office (or external IP's of the offices) and match against that:

    when HTTP_REQUEST {

    set uri [string tolower [HTTP::uri]

    if { $uri starts_with "/rrr_i" and ![class match [IP::client_addr] equals officenetworks] } {
        HTTP::respond 301 Location "https://xxx.com/rrr_e"
        You can also chose to drop the packet with the drop command too
    }
}

    /Patrik

  • Mahmoud_Eldeeb_'s avatar
    Mahmoud_Eldeeb_
    Icon for Cirrostratus rankCirrostratus
    Apr 28, 2014

    yes, it should be applied to a VS. but which one? this is the question. as long as he is using a ssl-offload so he had two VS. for each

     

    • Afroz_Ahmad_114's avatar
      Afroz_Ahmad_114
      Icon for Nimbostratus rankNimbostratus
      Apr 28, 2014
      I have one virtual server with 443 port with one node:443 and SSL offload is happening on the same virtual server at both side (client and server).
  • Mahmoud_Eldeeb_'s avatar
    Mahmoud_Eldeeb_
    Icon for Cirrostratus rankCirrostratus
    Apr 28, 2014

    yes in this case, you have to have only one VS., which will terminate encryption for both sides (server/client) .