Forum Discussion

Mohammed_Moin_2
Sep 25, 2018

Allowing specific source to specific uri and deny rest all

Hi All, We need an iRule that can allow only specific source IPs to access a specific URI and deny all others. For example:

Data Group Source IP: 10.1.1.1 [DG1] URI: https://www.testdev.com/services/user1.html
Action: Allow

Data Group Source IP: 10.2.1.1 [DG2] URI: https://www.testdev.com/services/user2.html
Action: Allow

Data Group Source IP: 10.3.1.1 [DG3] URI: https://www.testdev.com/services/user3.html
Action: Allow

Source IP: Any
Action: Block all

 

Below is the irule that I am using, but no luck

 

    when HTTP_REQUEST {
    if { [class match [IP::client_addr] equals DG1] } { HTTP::redirect " ;
    if { [class match [IP::client_addr] equals DG2] } { HTTP::redirect ";
    if { [class match [IP::client_addr] equals DG3] } { HTTP::redirect ";
    if {[HTTP::uri] contains "/" || [HTTP::uri] contains "services"} {
    if {not[class match [IP::client_addr] } {
    log local0. " Blocked src=[IP::client_addr] src_port=[TCP::client_port],agent= HTTP::header value User-Agent]"
    return
    } }

 

Thanks..

 

1 Reply

  • Normally you do this based on the path, because it is likely the application will have multiple pages:

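    when HTTP_REQUEST {
        if { [class match [IP::client_addr] equals "DG1"] } {
            # DG1 clients asking for anything outside their path are sent back to it
            if { not ([HTTP::path] starts_with "/services/user1/") } {
                HTTP::redirect "https://www.testdev.com/services/user1/"
                return
            }
        } else {
            # Sources that are not in DG1 are dropped
            drop
        }
    }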
    

    If you really want the URI:

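    when HTTP_REQUEST {
        if { [class match [IP::client_addr] equals "DG1"] } {
            # DG1 clients asking for any other URI are sent back to their page
            if { not ([HTTP::uri] starts_with "/services/user1.html") } {
                HTTP::redirect "https://www.testdev.com/services/user1.html"
                return
            }
        } else {
            # Sources that are not in DG1 are dropped
            drop
        }
    }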
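
One way to express the whole policy from the question (three data groups, one page each, everything else denied) as a single default-deny iRule. This is an added example, not code from either poster. It assumes address-type data groups DG1, DG2 and DG3 already exist and that the rule is attached to the virtual server for www.testdev.com; answering with a 403 instead of `drop` is a choice made here.

```tcl
# Added example (not from the thread). Assumes address-type data groups
# DG1, DG2 and DG3 exist on the BIG-IP.
when HTTP_REQUEST {
    # HTTP::path excludes the query string, so "?x=/services/user1.html"
    # cannot satisfy the match the way a "contains" test on HTTP::uri could.
    set path [HTTP::path]
    set src  [IP::client_addr]

    # Map each protected page to the one data group allowed to reach it.
    switch -- $path {
        "/services/user1.html" { set dg "DG1" }
        "/services/user2.html" { set dg "DG2" }
        "/services/user3.html" { set dg "DG3" }
        default                { set dg "" }
    }

    # Allow only when the page is listed AND the source is in its data group.
    if { $dg ne "" && [class match $src equals $dg] } {
        return
    }

    # Default deny: every other source/page combination is logged and refused.
    log local0. "Blocked src=$src src_port=[TCP::client_port] path=$path agent=[HTTP::header value User-Agent]"
    HTTP::respond 403 content "Forbidden"
}
```

Because the deny branch is the fall-through rather than a per-group `else`, a source in DG1 requesting `/services/user2.html` is refused as well, and adding a fourth page only needs one more `switch` arm.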