Rafish_129330
May 18, 2017

iRule to allow specific URL and drop everything else based on src IP

Hello,

 

I need help adding a condition to a working iRule.

I have an iRule that denies access to URIs that contain "admin", "login" and "mydb" from all IP addresses except my IP.

 

This is the iRule (works):

    when HTTP_REQUEST {
        # check the Class to determine if it's not allowed
        # deny access to site /admin and /login from external ip address
        # Allow only my ip address to connect site /admin and /login
        if {[HTTP::uri] contains "admin" || [HTTP::uri] contains "login" || [HTTP::uri] contains "mydb"} {
            if {not [class match [IP::client_addr] equals my_ip_Address]} {
                log local0. "dropped connection my ip address[IP::client_addr]"
                reject
            }
        }
    }

 

Now I need to add to this iRule: allow all to reach url site.domain.com that contains uri /xxx/yyy/zzz and after that above url.

 

Thanks

 

1 Reply

  • Hello,

    Try this

        when HTTP_REQUEST {
            # Restricted URIs: only clients in the my_ip_Address data group may reach them
            if {[HTTP::uri] contains "admin" || [HTTP::uri] contains "login" || [HTTP::uri] contains "mydb"} {
                if {not [class match [IP::client_addr] equals my_ip_Address]} {
                    log local0. "dropped connection my ip address[IP::client_addr]"
                    reject
                    # reject does not end the event, so stop here
                    return
                }
            }

            # Everything that is not site.domain.com under /xxx/yyy/zzz is rejected
            if { !(([string tolower [HTTP::host]] eq "site.domain.com") and ([HTTP::path] starts_with "/xxx/yyy/zzz")) } {
                log local0. "rejected request [HTTP::uri] for client [IP::client_addr]"
                reject
            }
        }
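
The model below is an added example, not part of the original thread or F5's code: it replays the two checks from the reply's iRule in Python over constructed requests, to show which ones pass before the rule goes onto a virtual server. The data-group contents, client addresses and sample URIs are assumptions; one sample carries a port in the Host header because `HTTP::host` returns the header value as sent.

```python
import ipaddress

# Assumption: constructed stand-in for the my_ip_Address data group.
MY_IP_ADDRESS = [ipaddress.ip_network("203.0.113.10/32")]
RESTRICTED = ("admin", "login", "mydb")
PUBLIC_HOST = "site.domain.com"
PUBLIC_PREFIX = "/xxx/yyy/zzz"


def in_data_group(client_ip):
    """Models: class match [IP::client_addr] equals my_ip_Address."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in MY_IP_ADDRESS)


def decide(client_ip, host, uri):
    """Return 'allow' or the reason the modelled iRule rejects the request."""
    # Check 1: 'contains' is a substring test on HTTP::uri (path plus query string).
    if any(word in uri for word in RESTRICTED) and not in_data_group(client_ip):
        return "reject: restricted word in uri"
    # Check 2 runs for every request that passed check 1, whatever its source.
    path = uri.split("?", 1)[0]  # HTTP::path carries no query string
    if not (host.lower() == PUBLIC_HOST and path.startswith(PUBLIC_PREFIX)):
        return "reject: outside public path"
    return "allow"


# Constructed requests: (client address, Host header, request URI).
SAMPLES = [
    ("198.51.100.7", "site.domain.com", "/xxx/yyy/zzz/page"),
    ("198.51.100.7", "site.domain.com", "/admin"),
    ("203.0.113.10", "site.domain.com", "/admin"),
    ("198.51.100.7", "site.domain.com", "/xxx/yyy/zzz/a?next=login"),
    ("198.51.100.7", "site.domain.com:8443", "/xxx/yyy/zzz/page"),
    ("198.51.100.7", "SITE.DOMAIN.COM", "/xxx/yyy/zzz/page"),
]

if __name__ == "__main__":
    for ip, host, uri in SAMPLES:
        print(f"{ip:14} {host:22} {uri:28} -> {decide(ip, host, uri)}")
```
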