Cirrus
NimbostratusTry this irule
when HTTP_REQUEST {
set net_code [class match -value -- [IP::client_addr] equals internal_network_dg]
set app_path [class match -value -- [string tolower [HTTP::path]] contains [string tolower private_urls_dg]]
if {$app_path eq "p" and $net_code ne "a"} {
HTTP::respond 404 content "
404 Not Found
" } }
You will need to create 2 datagroups internal_network_dg is used to track your internal IP addresses private_urls_dg is used to track your private URLs
internal_network_dg needs to be datagroup type "address" where you list the allowed addresses like 10.0.0.0/8 and an entry of a to tell the irule that they are allowed.
private_urls_dg needs to be a datagroup type string with the private url or a unique portion of it /admin/ and an indicator of p to tell the irule that its private. You can change the values to anything that you choose as long as you change them in the rule and the datagroups.
I got this from Kevin quite a while ago so thanks to him!
NimbostratusThe iRule that I posted strings everything to lower case. iRules are case sensitive so an entry of /PP/:=a would not match on the iRule that I posted and wouldn't be blocked. If you use my rule then all entries to the datagroups need to be in lower case.