Need to restrict an iRule from passing external traffic, only internal.

Question

We have a situation where we are using an iRule that when there are requests to a subfolder on a site, it redirects to a subfolder.  Here is the iRule we are using.&nbsp;
if { [HTTP::uri] starts_with "/subfolder" } {
     the node command directs the request to the server
     whether or not it is behind the BigIP.  Make sure the BigIP
     has a route to that server.
    node 10.10.3.111
  }&nbsp;
So this rule, if a request comes through like ";, it gets re-routed to the node 10.10.3.111.  It works just fine.  EXCEPT one problem.&nbsp;
Turns out the site should not be open to the internet, only to internal servers.  I need to add a conditional statement that only allows internal traffic to pass.  All internal servers are in a 10.X.X.X subnet.  Any suggestions on how to accomplish this in the iRule?&nbsp;

niels_van_sluis · Answer

Maybe something like this:
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/subfolder" &amp;&amp; [IP::addr [IP::client_addr] equals 10.0.0.0/8] } {
         the node command directs the request to the server 
         whether or not it is behind the BigIP. Make sure the BigIP 
         has a route to that server. 
        node 10.10.3.111
    }
}

Forum Discussion

Need to restrict an iRule from passing external traffic, only internal.

1 Reply

Recent Discussions

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

Help with URL Masking

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

Related Content

Redirecting to an external site when the internal site is down

Create isolated environment for internal and external networks

Office 365 Tenant Restrictions

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

CSV to Address External Datagroup File