mike_89584
Jun 13, 2016Nimbostratus
iRule help
Hi I have two separate irules - one to restrict access to certain IPs and one to force basic authentication, and I now find that I need to combine the two, that is allow certain IPs to a VIP (or folder structure) with no requirement for the authentication, but for all other requests, the Authentication needs to be in place
any help would be greatly appreciated!
Basic Authentication:
when HTTP_REQUEST { binary scan [md5 [HTTP::password]] H* password
if { [class lookup "[HTTP::username]" local_user_dgroup] equals $password } {
log local0. "User [HTTP::username] has been authorized to access virtual server [virtual name]"
} else {
log local0. "User [HTTP::username] has been denied access to virtual server [virtual name]"
HTTP::respond 401 WWW-Authenticate "Basic realm=\"Secured Area\""
}
}
IP Restriction:
when HTTP_REQUEST { if { [IP::client_addr] eq "xxx.xxx.xxx.xxx" } { pool Pool_my_pool.com
} else { drop } }Hi,
haven't understand quite well your requirement. Here the new try :
when HTTP_REQUEST { if { [IP::client_addr] eq "xxx.xxx.xxx.xxx" } { pool Pool_my_pool.com } else { binary scan [md5 [HTTP::password]] H* password if { [class lookup "[HTTP::username]" local_user_dgroup] equals $password } { log local0. "User [HTTP::username] has been authorized to access virtual server [virtual name]" } else { log local0. "User [HTTP::username] has been denied access to virtual server [virtual name]" HTTP::respond 401 WWW-Authenticate "Basic realm=\"Secured Area\"" } } }