Forum Discussion
12 Replies
- hooleylist
Cirrostratus
Hi Pankaj,

    when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::path]] {
            "/bac*" {
                if {not [class match [IP::client_addr] equals allowed_hosts_dg]} {
                    HTTP::respond 403 content {Blocked!}
                }
            }
        }
    }
- Pankaj_70057
Nimbostratus
I have never created an iRule, this is the first time, so please can you send me the actual iRule with the below example:
- hooleylist
Cirrostratus
You can create the data group in the GUI under Local Traffic | iRules | Data group list | Create. Select a name of allowed_hosts_dg and a type of address. Then create the iRule using the code above and add that to the virtual server.
- Pankaj_70057
Nimbostratus
Does this iRule work for both HTTP and HTTPS?
- Pankaj_70057
Nimbostratus
I am getting an error on the iRule:
- hooleylist
Cirrostratus
Which LTM version are you on? You can check in the GUI under System | General Properties | Version. If you're on 9.4.4 or higher, you can use this:

    when HTTP_REQUEST {
        # Check the requested path set to lower case
        switch -glob [string tolower [HTTP::path]] {
            "/bac*" {
                # Path started with /bac so check if client IP is in the allowed_hosts_dg data group
                if {not [matchclass [IP::client_addr] equals allowed_hosts_dg]} {
                    # Send a 403 unauthorized response
                    HTTP::respond 403 content {Blocked!}
                    # Or you could reset the TCP connection
                    # reject
                }
            }
        }
    }

    when HTTP_REQUEST {
        # Check the requested path set to lower case
        switch -glob [string tolower [HTTP::path]] {
            "/bac*" {
                # Path started with /bac so check if client IP is in the allowed_hosts_dg data group
                if {not [matchclass [IP::client_addr] equals $::allowed_hosts_dg]} {
                    # Send a 403 unauthorized response
                    HTTP::respond 403 content {Blocked!}
                    # Or you could reset the TCP connection
                    # reject
                }
            }
        }
    }
- Pankaj_70057
Nimbostratus
The system is running BIG-IP 9.4.6 Build 401.0 Final, but I am still getting the below error. I have created the DG with BAC_ALLOWED_IP.
- hooleylist
Cirrostratus
Sorry, it's matchclass not "match class". I edited the examples above with the correct command.
- Joe_Gorman_4645
Nimbostratus
Seeing this rule is a start to what I am currently needing but I have 4 folders that the Private_nets group need access to but external clients should not be allowed. Can I nest those into different rows for each directory?
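An added example, not part of any post in this thread: one way to cover several directories with a single check is to list each path as its own `switch` pattern and let them share one body. It uses the `matchclass` form given above for 9.4.4 and higher; the four directory names are hypothetical placeholders, and `Private_nets` is assumed to be an address-type data group.

```tcl
when HTTP_REQUEST {
    # Compare against the lower-cased path so /BAC and /bac are treated alike
    switch -glob [string tolower [HTTP::path]] {
        "/bac*" -
        "/reports*" -
        "/admin*" -
        "/internal*" {
            # A "-" in place of a body means "use the next pattern's body",
            # so all four directories share this one allow-list check.
            if {not [matchclass [IP::client_addr] equals Private_nets]} {
                # Client is not in the Private_nets data group: refuse the request
                HTTP::respond 403 content {Blocked!}
            }
        }
        default {
            # Any other path is not restricted by this iRule
        }
    }
}
```

Each pattern is a prefix match, so `/bac*` also covers a path such as `/backup`; use a longer pattern if only one directory should be restricted.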