Lloyd_Carter
May 12, 2020Nimbostratus
Solved
iRule for IP Whitelist on specific URL
I have a service that I am migrating to F5 BIG IP. It previously used IIS IP Address Restriction to control access to a particular URL. Can anyone recommend an iRule that will allow me to do the sa...
- May 12, 2020
Sure an iRule for that isn't hard. The question is how will you get the whitelist on the BIGIP. If you use data groups you can update a whitelist directly in the GUI, but is that an interface you want to use for this. You can also use external data groups which are a file on the BIG-IP. This can be pushed/pulled from other sources and then loaded on the BIG-IP. If you have privatewhitelist address data group defined on the BIG-IP this would do the job.
when HTTP_REQUEST { if {[HTTP::uri] eq "/private"} { if {![class match [IP::client_address] equals privatelwhitelist]} { HTTP::respond 403 content "<html><body>Access not permitted</body></html>" Connection Close TCP::close } } }