Forum Discussion

Altocumulus

Nov 01, 2019

iRule to protect a URI pattern by subnet?

Good day, I have been trying several approaches on BIG-IP/LTM 12.1.3.7 to achieve the following goal: A VIP listens on an IP where most of the traffic is bound for web content, let's say https:...

application delivery

BIG-IP

iRules

Cumulonimbus

Nov 02, 2019

Try the following:

when HTTP_REQUEST {
    if { ([string tolower [HTTP::uri]] starts_with "/admin") && not ([IP::addr [IP::client_addr] equals 192.168.0.0/16]) } {
        drop
    } else {
        pool prd-pl-company
    }
}

Mark_Gallagher
Altocumulus
Nov 04, 2019
Thanks for the input JG. I did try this (also with an exclamation point outside the parentheses) and it doesn't seem to match. I have definitely been able to get the match to work with a large list of /32 addresses, but never the /16.
This what I tried as far as what they were recommending in a KB for efficient subnet matching:
when HTTP_REQUEST { if {( [string tolower [HTTP::uri]] contains "/admin") && (not[IP::addr [IP::remote_addr] equals 192.168.0.0/255.255.0.0])} { HTTP::respond 503 content {

Forum Discussion

iRule to protect a URI pattern by subnet?

Recent Discussions

GTM Packet Capture command

How to Implement 2 Way SSL in F5 LTM

BWC iRule

Citrix XenServer Big-IP Upgrade help

BIG-IP DNS iRule issue with static variable

Related Content

Beyond REST: Protecting GraphQL

L7 DoS Protection with NGINX App Protect DoS

Multi-Cluster, Multi-Cloud Networking for K8S with F5 Distributed Cloud – Architecture Pattern

Community at F5 - Evolving Patterns and New Structures

Managing NGINX App Protect WAF for Beginners