Setup F5 big-ip irules to allow source ip to specific uri only and drop other access

Question

I would like to know how to setup a irule to meet below requirement:

if source ip equal to '1.2.3.4'
allow access to "https://abc/def" only (abc is virtual server, def is data group mapping content on virtual server)
and block other access, not allow to access to "https://abc/XXX" (XXX for others mappings)

thank you.

dario_garrido · Answer

Hello Doi.Try this -&gt;when HTTP_REQUEST {
	# reject user if source IP is not 1.2.3.4 and first path value is not included in DATAGROUP
	if { ([class match [getfield [string tolower [HTTP::path]] "/" 0] neq DATAGROUP]) || ([IP::addr [IP::client_addr] neq 1.2.3.4]) } {
		reject
	}
}Regards,Dario.

Forum Discussion

Setup F5 big-ip irules to allow source ip to specific uri only and drop other access

1 Reply

Recent Discussions

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Related Content

Re: Get Started with BIG-IP Virtual Edition (VE), BIG-IQ VE or BIG-IP Cloud Edition Trial

Quick Optimizations for F5 BIG-IP Virtual Edition

Use BIG-IP LTM Virtual Server & iRule for an internal "What's My IP" website

Getting Started with BIG-IP Next: Upgrading Central Manager

Deploying F5 BIG-IP with Azure Cross-region load balancer