Forum Discussion

N_67263's avatar
N_67263
Icon for Nimbostratus rankNimbostratus
Oct 07, 2014

iRule heelp needed to allow only specific IP addresses.

Folks, I am looking for an iRule which allow particular source IP only if a particular URI is in the http request. If this URI is not in the request it should allow all IP's.

 

e.g. http://nik.test.com/support/test.html should be allowed for only certain IP's as "/support/test.html" is in the iRule. If it is something like http://nik.test.com/xyz/xyz.html it should just allow all the IP addresses.

 

Any suggestion?

 

Thanks, Nik

 

application delivery
devops
iRules

2 Replies

Sort By
  • ab30_149107's avatar
    ab30_149107
    Icon for Nimbostratus rankNimbostratus
    Oct 07, 2014

    Dear Nikhil,

     

    Try this, I have corrected the syntax errors.

     

    when HTTP_REQUEST { if { ([HTTP::uri] ends_with "/support/test.html") and ( [IP::addr [IP::client_addr] equals 1.1.1.1] ) } { HTTP::redirect "http://[HTTP::host]/support/test.html" } elseif { ([HTTP::uri] ends_with "/support/test.html") } { reject } else { pool test_pool } }

     

    Thank You, Abhisar.

     

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Oct 07, 2014

    "http://nik.test.com/support/test.html should be allowed for only certain IP's as "/support/test.html" is in the iRule. If it is something like http://nik.test.com/xyz/xyz.html it should just allow all the IP addresses."

    Sounds like you just need to restrict access to one URI. Hopefully this irule is simpler. You'll need to created a datagroup with a list of your allowed IP addresses first then:

    when HTTP_REQUEST { 
    if { ([HTTP::uri] ends_with "/support/test.html") and not ([class match [IP::client_addr] equals allowed_ips]) } {
     reject  
    } 
  }

    Not near my iRule editor to 100% check syntax. Hope it's correct.

    Rgds

    N