Forum Discussion

oninicus_162976
Feb 01, 2016

Source:IP filter irule

Hi Guys,

 

Just new to F5 and currently facing some difficulties on irules. Kindly help me on irule for below requirement.

 

11.5 version

* URL main page can be accessed by anyone from the internet (any)
* Same URL can only be accessed by specific subnets (source: 116.213.0.0/16 and 141.113.128.0/19) if uri is /login

 

2 Replies

  • Hi Oninicus,

    you may try this iRule snippet as a starting point...

     

    when HTTP_REQUEST {
        # Only requests whose URI is exactly /login (case-insensitive) are restricted
        if { [string tolower [HTTP::uri]] eq "/login" } then {
            if { ([IP::addr [IP::client_addr] equals 116.213.0.0/16]) or
                 ([IP::addr [IP::client_addr] equals 141.113.128.0/19]) } then {
                # Let the request pass...
            } else {
                HTTP::respond 403 content "Access Denied"
            }
        } else {
            # Let the request pass...
        }
    }
    

     

    Cheers, Kai

  • Hi Oninicus,

     

    It's also possible to use [class match] for the IP comparison. But keep in mind that [class match] requires LTM data-groups to store the allowed IP addresses / subnets.

    The [class match] code would look like this...

    Datagroup:

     

    ltm data-group internal YOUR_DATA_GROUP {
        records {
            116.213.0.0/16 { }
            141.113.128.0/19 { }
        }
        type ip
    }
    

     

    iRule:

     

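    when HTTP_REQUEST {
        # Only requests whose URI is exactly /login (case-insensitive) are restricted
        if { [string tolower [HTTP::uri]] eq "/login" } then {
            # The allowed subnets are stored in the data-group
            if { [class match [IP::client_addr] equals YOUR_DATA_GROUP] } then {
                # Let the request pass...
            } else {
                HTTP::respond 403 content "Access Denied"
            }
        } else {
            # Let the request pass...
        }
    }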
    

     

    Cheers, Kai
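
Added example, not part of the original thread or of Kai's replies: a variant of the data-group iRule above that compares `HTTP::path` instead of `HTTP::uri`, so the source-IP check still applies when `/login` is requested with a query string or a sub-path, and that logs each denial. Treating everything below `/login/` as restricted and the log message format are assumptions; `YOUR_DATA_GROUP` is the placeholder name from the reply.

```tcl
# Added example (not from the thread). Assumes the data-group
# YOUR_DATA_GROUP from the reply above holds the allowed subnets.
when HTTP_REQUEST {
    # HTTP::uri contains the query string, so an exact "eq" test against
    # "/login" does not match "/login?next=/". HTTP::path returns only the
    # path component, which keeps the restriction in place for that case.
    set path [string tolower [HTTP::path]]

    # Assumption: /login and everything below it (/login/...) is restricted.
    if { ($path eq "/login") or ($path starts_with "/login/") } {
        if { not [class match [IP::client_addr] equals YOUR_DATA_GROUP] } {
            # Log the denial so blocked sources can be reviewed later.
            log local0.notice "login denied: client=[IP::client_addr] path=$path"
            HTTP::respond 403 content "Access Denied"
            return
        }
    }
    # Every other request, and allowed sources on /login, continue to the pool.
}
```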