Forum Discussion

DhruvaS_267726's avatar
DhruvaS_267726
Icon for Nimbostratus rankNimbostratus
Sep 06, 2017

iRule to Allow the String for specific IP Address and block the access for rest

Hi Experts,

 

I have requirement to allow the String "/___special___" only from Internal Network and Block the access for rest of the world.

 

I have created below iRule:

 

Created the Data Group Local Traffic ›› iRules : Data Group List -> Internal_IP = 10.6.0.0/24

 

iRule: when HTTP_REQUEST { if {[HTTP::uri] contains "/___special___"} { if {not[class match [IP::client_addr] equals Internal_Net] } { log local0.alert "Rejecting \"[HTTP::host][HTTP::uri]\" Special request from [IP::client_addr]" reject } } }

 

I have tested the URL which contains the string, but the URL didn't work.

 

Also tried one more iRule -

 

when HTTP_REQUEST { if { ([string tolower[HTTP::uri]] equals "/___special___") and ([class match [IP::client_addr] eq Internal_Net]) } { else { reject } } }

 

But both didn't work.

 

FYI: The iRule and the Data group are in different Partition. Is this may cause any issue.

 

Please assist me.

 

Thanks in advance. Dhruav S.

 

application delivery
LTM

1 Reply

Sort By
  • Lee_Sutcliffe's avatar
    Lee_Sutcliffe
    Icon for Nacreous rankNacreous
    Sep 06, 2017

    You need to specify the partition when calling the datagroup if this is in anything else other than /Common/. Also if both partitions are child partitions, they will not be able to access each other's content. 

    when HTTP_REQUEST {
 if {([HTTP::uri] contains "/___special___") && (not[class match [IP::client_addr] equals /partition/Internal_Net])} { 
    log local0.alert "Rejecting \"[HTTP::host][HTTP::uri]\" Special request from [IP::client_addr]" 
    reject
    } 
 }

    MP