Forum Discussion

silver's avatar
silver
Icon for Nimbostratus rankNimbostratus
Jul 08, 2010

Listed URI

Hi,

 

 

I need to frame a irule which need to allow only the listed uri, rest needs to be blocked. For some of the uri, specific ip's need to get the access.

 

 

ex:

 

 

http://www.abc.com/test1/index.html

 

http://www.abc.com/test2/index.html

 

http://www.abc.com/test3/index.html

 

http://www.abc.com/test4/index.html

 

http://www.abc.com/test5/index.html

 

 

 

In the url listed above all the URI ( test1 to test 4 ) can be accessed by all ip's and the uri test5 has to accessed by the specified ip say 192.168.100.100. if the others access this they need to get the forbidden page.

 

 

I have lot of other URI for the same domain, but don't want to expose everything. ie, need to do a white-list.

 

 

Thanks in advance.

 

 

3 Replies

  • Hi Silver,

     

    I think the following post will help you

     

     

    http://devcentral.f5.com/Forums/tabid/1082223/asg/50/showtab/groupforums/afv/topic/aff/5/aft/63026/Default.aspx

     

     

    Bhattman
  • silver's avatar
    silver
    Icon for Nimbostratus rankNimbostratus
    Hi Bhatman,

     

     

    Provided link show only the ip restriction to the specific URI in the datagroup. How about the restriction of URI.

     

     

    Need to have the single irule achieving both the requirement.

     

     

    Thanks

     

  • Posted By silver on 07/08/2010 03:00 AM

     

    Hi Bhatman,

     

     

    Provided link show only the ip restriction to the specific URI in the datagroup. How about the restriction of URI.

     

     

    Need to have the single irule achieving both the requirement.

     

     

    Thanks

     

     

     

    In the example to which he linked, you're determining (in the CLIENT_ACCEPTED) event whether the IP of the client is one that allows him to access all resources or if he can only access certain ones. After that determination has been made, you're checking the URI in the HTTP_REQUESTED event. So, your sequence would be like this: 1. User hits your site and their address isn't in the datagroup. 2. Since their address wasn't in the address datagroup, we're checking the URI datagroup to see whether they have access to the URI they requested.