Forum Discussion
hooleylist
Jun 21, 2011
Doh... thanks for catching that Colin. I was going a bit nuts.
How about this then:
    when CLIENT_ACCEPTED {
        if { [matchclass [IP::client_addr] equals $::myallowedclients] } {
            set allowed_ip 1
            log local0. "[IP::client_addr]:[TCP::client_port]: Client is in allowed class"
        } else {
            # Client is not in the allowed class
            set allowed_ip 0
            log local0. "[IP::client_addr]:[TCP::client_port]: Client is not in allowed class"
        }
    }
    when HTTP_REQUEST {
        # Skip the URI checking if the client IP is allowed
        if {$allowed_ip} {
            # Exit this event in this rule
            return
        }
        # Check if requested URI is whitelisted
        switch -glob [HTTP::uri] {
            "/allowed_starts_with/*" -
            "*/allowed_contains/*" -
            "/allowed_exact" {
                log local0. "[IP::client_addr]:[TCP::client_port]: URI is allowed per whitelist [HTTP::uri]"
            }
            default {
                # Send HTTP reject message
                HTTP::respond 403 content {blocked!}
                log local0. "[IP::client_addr]:[TCP::client_port]: Blocking request to [HTTP::uri]"
            }
        }
    }
Aaron
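The decision logic of the iRule above, modelled offline in Python so the whitelist patterns can be exercised without a BIG-IP. This is an added example, not code from the post or from F5: the subnets stand in for whatever the `$::myallowedclients` data group really holds (constructed values), `fnmatchcase` approximates Tcl's case-sensitive `string match` (where `*` also matches `/`), and `decide()`/`path_only` are names introduced here. It goes one step beyond the iRule by offering a path-only match, because `[HTTP::uri]` includes the query string and a contains-style glob therefore also matches when the substring appears after the `?`; matching the path component (the iRule equivalent would be `[HTTP::path]`) keeps the whitelist to what was intended.

```python
import fnmatch
import ipaddress
from typing import Tuple
from urllib.parse import urlsplit

# Constructed stand-in for the $::myallowedclients data group (assumption: it
# holds client addresses or subnets; these two ranges are made-up sample data).
ALLOWED_CLIENTS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]

# The same three glob patterns, in the same order, as the iRule's switch -glob block.
URI_WHITELIST = ("/allowed_starts_with/*", "*/allowed_contains/*", "/allowed_exact")


def client_is_allowed(client_addr: str) -> bool:
    """Mirror of the CLIENT_ACCEPTED branch: is the source address in the allowed class?"""
    addr = ipaddress.ip_address(client_addr)
    # 'in' returns False (no exception) when address and network differ in IP version.
    return any(addr in net for net in ALLOWED_CLIENTS)


def uri_is_whitelisted(uri: str, *, path_only: bool = False) -> bool:
    """Mirror of the switch -glob block.

    fnmatchcase is the closest stdlib match for Tcl's string match: case-sensitive,
    and '*' matches any characters including '/'. With path_only=True only the path
    component is matched, so query-string content cannot satisfy a contains pattern.
    """
    subject = urlsplit(uri).path if path_only else uri
    return any(fnmatch.fnmatchcase(subject, pattern) for pattern in URI_WHITELIST)


def decide(client_addr: str, uri: str, *, path_only: bool = False) -> Tuple[int, str]:
    """Return (status, log line) following the iRule's flow: allowed clients skip the
    URI check entirely; every other client must hit a whitelisted URI or receive 403."""
    if client_is_allowed(client_addr):
        return 200, f"{client_addr}: Client is in allowed class"
    if uri_is_whitelisted(uri, path_only=path_only):
        return 200, f"{client_addr}: URI is allowed per whitelist {uri}"
    return 403, f"{client_addr}: Blocking request to {uri}"


if __name__ == "__main__":
    # Constructed sample requests: (client, uri). 198.51.100.7 is outside both ranges.
    for client, uri in [
        ("10.1.2.3", "/anything"),
        ("198.51.100.7", "/allowed_starts_with/report"),
        ("198.51.100.7", "/app/allowed_contains/item"),
        ("198.51.100.7", "/allowed_exact"),
        ("198.51.100.7", "/allowed_exact?id=1"),
        ("198.51.100.7", "/admin"),
    ]:
        print(decide(client, uri))
```

The fifth sample shows that the exact pattern fails closed once a query string is present, while the `path_only` switch exists for the opposite case, where a query string would otherwise make a contains pattern match more than the path.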