Forum Discussion

Gurdip_Sira_172's avatar
Gurdip_Sira_172
Icon for Nimbostratus rankNimbostratus
Aug 14, 2016

Help needed with an iRule to return 401 for sites

Hi,

I am working on an iRule that I would like to loop through a data group list and for each url in the site, return a 401 error for everyone bar one machine, who's IP I have in the condition (the server should not be proxied so the IP of the machine is the final IP to reach F5).

I have the below but it does not work:

 

when HTTP_REQUEST {
 if {not [IP::addr [IP::client_addr] equals x.x.x.x]} {
 if { ([class match [string tolower [HTTP::host][HTTP::uri]] contains LegalSites]) } {
  HTTP::respond 401 
}
}
}

 

LegalSites is a datagroup uploaded from a txt file with a url per line. I'm not sure if I should use string or address as the type for URLs?

How could I also state if the date and time is => 8/14/2016 18:00 then the rule should execute (i.e. another if condition)? I am also not sure what the difference is between client ip and remote ip?

Thanks!

application delivery
iRules
LTM

2 Replies

Sort By
  • Vijay_E's avatar
    Vijay_E
    Icon for Cirrus rankCirrus
    Aug 14, 2016

    Try this:

     

    when HTTP_REQUEST {
 if {not ([IP::addr [IP::client_addr] equals x.x.x.x]) } {
 if { ([class match [string tolower [HTTP::host][HTTP::uri]] contains LegalSites]) } {
  HTTP::respond 401 Location "http://[HTTP::host][HTTP::uri]"
}
}
}

     

    For serving error page, look at this devcentral link and this link.

    Check this for time-based iRule execution: link text

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Aug 15, 2016

    Hi,

    • client_ip is the client IP
    • remote_ip is client IP in clientside events (HTTP_request is a clientside event), and server IP in server side events

    Why do you respond with 401 code which is the authentication response code.

    if you want authentication, you must reply with the following parameters:

     

    HTTP::respond 401 noserver WWW-Authenticate "Basic realm=\"Your authentication realm\""

     

    if you want HTTP redirect (with location header), the response code is 302 (temporary redirect) or 301 (persistent redirect)