Nolan_Jensen_23
Oct 13, 2017

Bypass access policy for a list of servers

Hello,

 

Does anyone know how to create an iRule that will allow a list of a few servers to skip the access policy on a virtual server and go directly to the server in the pool the VS is pointed at?

 

Ideally I would want any request to a specific uri from one of the listed servers to be able to bypass the access policy applied to that virtual server.

 

The reason is I have an application that manages the connections via a web browser and anytime I try to make a connection with an access policy applied it fails. When I remove the access policy from the virtual server the connection will work. I need to keep the access policy to restrict access to the site but want the servers that managed these connections to bypass access policy.

 

Example: Whenever any of these three servers goes to https://test.site.org/rest/services access policy will not be applied. Server1: 10.10.1.1 Server2: 10.10.1.2 Server3: 10.10.1.3

 

My thought was to use a data group list but wasn't sure how to use that list to bypass an access policy. If bypassing the access policy based on uri is not possible I would settle for just allowing any of the servers in the group list to bypass the access policy for this virtual server.

 

Thanks for your time!

 

2 Replies

  • P_K

    Did you try this?

     

    when HTTP_REQUEST {
      switch -glob [string tolower [HTTP::uri]] {
        "/rest/services*" {
          # Disable Access policy
          ACCESS::disable
        }
        default {
          ACCESS::enable
        }
      }
    }


  • This is what you need. Put your addresses in a datagroup called policy_bypass.

    when HTTP_REQUEST {
      if {[HTTP::uri] eq "/rest/services" } {
        if {[class match [IP::client_addr] equals policy_bypass]} {
          ACCESS::disable
        }
      }
    }
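
An added example, not part of either reply: one way to combine the URI condition and the data group so the exemption covers only the `/rest/services` tree for the listed servers and leaves a log trail. It assumes the `policy_bypass` address data group named above already holds 10.10.1.1, 10.10.1.2 and 10.10.1.3; the log wording is illustrative.

```tcl
when HTTP_REQUEST {
    # HTTP::path omits the query string, so /rest/services?f=json is still in scope.
    # HTTP::uri would include it and fail an exact "eq" comparison.
    set path [string tolower [HTTP::path]]

    # Match the endpoint itself or anything beneath it, but not look-alike
    # prefixes such as /rest/servicesold, which a "/rest/services*" glob accepts.
    set in_scope [expr { $path eq "/rest/services" || $path starts_with "/rest/services/" }]

    # The path is used as received, so refuse literal dot segments rather than
    # let the exemption reach outside /rest/services.
    if { $path contains ".." } {
        set in_scope 0
    }

    # Both conditions must hold: scoped path AND source address in the data group.
    if { $in_scope && [class match [IP::client_addr] equals policy_bypass] } {
        ACCESS::disable
        # Record every unauthenticated pass-through for later review.
        log local0. "APM bypass: [IP::client_addr] [HTTP::method] [HTTP::uri]"
    }
    # Everything else falls through to the access policy on the virtual server.
}
```

`IP::client_addr` is the source address as BIG-IP sees it, so any NAT or proxy in front of the listed servers widens the exemption to everything behind that address.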