Block Specific URL from Specific Region

Question

Hello ,&nbsp;
Im trying to block HTTPS request on specific URL from specific region and source IP address.&nbsp;
Is it possible to block specific URL from a source region?&nbsp;
Example we have 3 subdomains:-
a)abc.xyz.com:should blocl all source IPs from  region A
b)efg.xyz.com should block all source IPs from  region B&nbsp;
I have tried the below irule to block a specific IP address and applied it an an HTTPS VIP unfortunately its not working:-&nbsp;
when HTTP_REQUEST {
            if { ([string tolower [HTTP::uri]] contains "abc") and ( [IP::addr "x.x.x.x" equals [IP::client_addr]] ) } {
                 drop
            } else {
               return
            }
        }&nbsp;
Hope someone could help.&nbsp;
Thank you in advance.&nbsp;

habib_khan · Answer

Hi,&nbsp;
If your aware of what ip range or subnet you want to block you can use below irule. If geolocation wise you need to block, you need to have your LTM able to connect to Internet.&nbsp;
when HTTP_REQUEST {&nbsp;
if {[IP::addr [IP::client_addr] equals x.x.x.x/x]}{
drop
   }
  }
If you want to drop IP and sepcific uri. You can use below irule.&nbsp;
when HTTP_REQUEST {&nbsp;
if {[IP::addr [IP::client_addr] equals x.x.x.x/x]}{
   if {([string tolower [HTTP::uri]] contains "/xyz") || ([string tolower [HTTP::uri]] contains "/abc")|| ([string tolower [HTTP::uri]] contains "/def")}{
            drop
   }
  }
}&nbsp;

f5_324021 · Answer

Hello ,&nbsp;
I have got the below irule wokring fine, however i need to restrict based on country code or region is it possible , preferred to have country datagroup.?&nbsp;

habib_khan · Answer

You can check this technical article link text. This has details for blocking using geolocation.¬†

f5_324021 · Answer

Hello,&nbsp;
i have used the below irule however it didnt worked:-&nbsp;
when HTTP_REQUEST {&nbsp;
if { ([HTTP::uri] contains "X") and ( [IP::addr "x.x.x.x" equals [IP::client_addr]] ) and ([string tolower [whereis [IP::remote_addr] country]] contains "Asia" ])}
  {
  drop
  }
}&nbsp;

vijay_e · Answer

Your syntax for IP address match is wrong. It should be: [IP::addr [IP::client_addr] equals x.x.x.x/x]

Forum Discussion

Block Specific URL from Specific Region

5 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

F5 Distributed Cloud - Regional Decryption with Virtual Sites

Disabling Specific Weak Cipher Suites

F5 NGINXaaS for Azure: Multi-Region Architecture

find specific SNMP OID

F5 Distributed Cloud - Regional Edge Health Monitoring Insights