Hi Sanalbabu,
to cover your latest requirements, you may take a look to the two examples below...
Note: I've written two different versions for you, to optimize the performance based on your expected request pattern. So please estimate your expected request pattern and then either use the outlined iRules of senario1 or scenario2.
Scenario1
The iRule below should be used, if you expect many request to trigger the IP-based allow list for /xyz.
when CLIENT_ACCEPTED {
if { [class match [IP::client_addr] equals DataGroup_ALLOWED_IP_ADDR] } then {
set my_trusted_clients 1
} else {
set my_trusted_clients 0
}
}
when HTTP_REQUEST {
if { [string tolower [HTTP::host]] equals "www.abc.com" } then {
set low_uri [string tolower [HTTP::uri]]
if { [class match $low_uri starts_with Datagroup_ALLOWED_URIs] } then {
You may insert additional iRule code here, to handle request to the explicitly allowed sub-sites
} elseif { $low_uri starts_with "/xyz" } then {
if { $my_trusted_clients } then {
You may insert additional iRule code here, to handle request for the explicitly allowed client IPs
} else {
Insert your block code here, to handle the blocked requests
Below are some examples...
1.) Sending a redirect
HTTP::redirect "http://www.somesite.com/errorpage.html"
2.) Sending a errorpage
HTTP::respond 403 content "Access denied"
}
} else {
You may insert additional iRule code here, to handle request to other sub-sites
}
} else {
You may insert additional iRule code here, to handle request to other sites
}
}
Scenario2
The iRule below should be used, if you expect just a few request to trigger the IP-based allow list for /xyz.
when HTTP_REQUEST {
if { [string tolower [HTTP::host]] equals "www.abc.com" } then {
set low_uri [string tolower [HTTP::uri]]
if { [class match $low_uri starts_with Datagroup_ALLOWED_URIs] } then {
You may insert additional iRule code here, to handle request to the explicitly allowed sub-sites
} elseif { $low_uri starts_with "/xyz" } then {
if { [class match [IP::client_addr] equals DataGroup_ALLOWED_IP_ADDR] } then {
You may insert additional iRule code here, to handle request for the explicitly allowed client IPs
} else {
Insert your block code here, to handle the blocked requests
Below are some examples...
1.) Sending a redirect
HTTP::redirect "http://www.somesite.com/errorpage.html"
2.) Sending a errorpage
HTTP::respond 403 content "Access denied"
}
} else {
You may insert additional iRule code here, to handle request to other sub-sites
}
} else {
You may insert additional iRule code here, to handle request to other sites
}
}
Cheers, Kai