Forum Discussion
DarkSideOfTheQ_
Sep 16, 2009
Nimbostratus
OK - I'm officially lost here. I put in the iRule I first posted. However, it seemed to discard anything, I couldn't get to the page from a host specified by network or specifically. I added in the log value and saw it in the logs, but the page no workie. I removed the discard piece and could access the pages. Unfortunately, I could access them from hosts not specified in my datagroup. Where is this breaking down???
when HTTP_REQUEST {
    if { ([HTTP::uri] contains "Test.jsp") or ([HTTP::uri] contains "Stats.jsp") and not ([matchclass [IP::client_addr] equals [$::ips_internal]]) } {
        log local0. "test connection from [IP::client_addr] to [HTTP::uri]"
    }
}
From log:
Sep 16 16:46:07 tmm tmm[959]: Rule secure_test : test connection from to /templates/Test.jsp
Sep 16 16:46:31 tmm tmm[959]: Rule secure_test : test connection from to /templates/Test.jsp
Goal: restrict access to the 'test.jsp' and 'stats.jsp' from anyone except specific internal networks, rest of site needs to remain open to anyone.
Edit: Actually, since I removed the 'discard' for testing, I know that's why it's allowing anyone not in my datagroup to access those pages. However, shouldn't I only see in the logs, hosts/networks specified in my datagroup?
-DarkSide
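An added example, not part of the original post: one way to write the restriction stated in the goal, keeping the post's v9-style `matchclass` / `$::` syntax and its `ips_internal` address data group. It nests the two tests so the `or` between the URI checks cannot be regrouped by the tighter-binding `and`, and it passes the data group as `$::ips_internal` without the extra brackets. Lower-casing the URI is an assumption made here so that both `Test.jsp` and `test.jsp` are covered.

```tcl
when HTTP_REQUEST {
    # Assumption: match case-insensitively, since the goal names the pages
    # in lower case while the rule in the post matches "Test.jsp".
    set uri [string tolower [HTTP::uri]]

    # Step 1: is this one of the two restricted pages?
    # Kept in its own "if" so the "or" is evaluated on its own. In a single
    # expression "A or B and not C" is read as "A or (B and not C)", which
    # makes the first URI match regardless of the client address.
    if { ($uri contains "test.jsp") or ($uri contains "stats.jsp") } {

        # Step 2: is the client outside the allowed internal networks?
        # $::ips_internal is passed as a value; wrapping it in [ ] would
        # make Tcl try to run the data group's contents as a command.
        if { not [matchclass [IP::client_addr] equals $::ips_internal] } {
            log local0. "denied [IP::client_addr] -> [HTTP::uri]"
            discard
            return
        }
    }
    # Every other request falls through untouched, so the rest of the
    # site stays open to anyone.
}
```

With this structure the log line is written only for clients that are not in the data group, so an internal host reaching either page should leave no entry.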