Here is what I ended up with.
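when CLIENT_ACCEPTED {
    # Set to "1" to log the allow-list decision for each new connection.
    set DEBUG "0"
    if { $DEBUG } { log local0. "Client IP address is: [IP::remote_addr]" }

    # Check whether the client IP is in the UserDataGroup data group
    # (the allow-list of addresses permitted to reach the login pages).
    # NOTE(review): IP::remote_addr is the address of the connecting peer.
    # If clients arrive through a proxy or NAT device, that address is the
    # intermediary's -- confirm this matches how UserDataGroup is populated.
    if { [class match [IP::remote_addr] equals "UserDataGroup"] } {
        if { $DEBUG } { log local0. "Client is in UserDataGroup" }
        # Prevent the HTTP_REQUEST event from firing for allow-listed
        # clients, so the login-path check is skipped for this connection.
        event HTTP_REQUEST disable
    } elseif { $DEBUG } {
        # elseif must follow the closing brace on the same line; on a line
        # of its own Tcl treats it as a separate (unknown) command.
        log local0. "Client is in NOT UserDataGroup"
    }
}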
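when HTTP_REQUEST {
    # Runs only for clients that were NOT matched against UserDataGroup in
    # CLIENT_ACCEPTED (that handler disables this event for listed clients).
    #
    # [HTTP::path] must be bracketed so the command is evaluated; without
    # the brackets the switch compares the literal text "http::path" and no
    # login path ever matches, leaving the restriction silently inactive.
    #
    # NOTE(review): only these exact lowercased paths are covered. Confirm
    # that the backend does not serve the login pages under any other path
    # spelling, or normalize the path before matching.
    switch -glob [string tolower [HTTP::path]] {
        "/login.aspx" -
        "/foo/login.aspx" -
        "/bar/login.aspx" {
            # Reject login requests from clients outside the allowed networks.
            HTTP::respond 403 content "Logins only allowed from networks.\r\n"
        }
    }
}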