Forum Discussion

Nimbostratus

Oct 03, 2011

Path Based ACL Irule

Here is the scenario I have 9 IP addresses that I want to allow to the following path but allow access to any other URL/URI on the server. Lets just say ...

Cirrostratus

Oct 04, 2011

Hi Jim,

Be aware that IIS is very permissive when interpreting URIs. So it's fairly simple to bypass URI based iRules. For some examples of encoding attacks, check the last reply in this thread:

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=30900

At a minimum if you're going to try to do this in an iRule, you'd want to URI decode the URI. You'd probably want to add additional logic to handle the other scenarios in the above post.

To do more complete proper validation of URIs you need the functionality in a WAF like ASM or to do this in the app using a .NET decoding library.

Aaron

Forum Discussion

Path Based ACL Irule

Recent Discussions

(How) can I get two client certificates in one APM session?

Open Redirection Mitigation

BIG-IP DNS iRule issue with static variable

how can I find the software version is 32 bit or 64 bit from LTM 15.1.10.4

Using okta as SSO to login F5 GUI

Related Content

Multiple Kubernetes Clusters and Path-Based Routing with F5 Distributed Cloud

Community Learning Path: Multi-Cloud Networking

iRule based RADIUS Client Stack

iRule based RADIUS Health Monitor Builder

iRule based 'Natural Speech' Expression Language