Jim_Bo
Aug 18, 2020Nimbostratus
iRule to selectively allow limited access by client IP
I have an application which is internet accessible but the application team has asked me to limit access to specific URIs based upon client ip. I just cannot seem to get the logic right.
I am using the default data group private_net and a second string data group called allowed-uri-list which lists the allowed URIs for Internet users.
when HTTP_REQUEST {
if { {[class match [IP::client_addr] eq private_net ]} } {
# allow access
} elseif {
{[class match [HTTP::uri] equals allowed-uri-list ]}} {
#allow access
} else { HTTP::respond 404 }
}
I keep getting http errors for no response and the tcl engine doesn't like my first if.
What am I doing wrong?