Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

iRule: restricting IP based access to a L7 request on F5 ASM

Is there any possibility to create a rule on the F5 ASM restricting IP based access to a L7 request?

0
Rate this Discussion

Replies to this Discussion

placeholder+image

are you just wanting to block an IP address? Something like this?

if IP address = x.x.x.x

block it

The ASM can do several things regarding IP address actions (IP Intelligence, geolocation, etc). Just wanted to make sure I understand the question here.

Thanks! John

0
Comments on this Reply
Comment made 08-Apr-2014 by siyadh 148
we need to access one specific url only from internal corporate network. The application is already configured in F5 ASM and accessing from public.
0
placeholder+image

You can configure "Allowed URLs" and "Disallowed URLs" on your ASM. If you only want someone to access a single URL, you can simply include only that URL in the "Allowed" list. To configure this, you can navigate to Security > Application Security > URLs > Allowed URLs.

0
Comments on this Reply
Comment made 11-Apr-2014 by siyadh 148
But i need to access only from particular Source IP.
0
Comment made 21-Apr-2014 by siyadh 148
Hi John, What is the difference between blocking URL via "iRule" and adding "Disallowed URL"...???
0
placeholder+image

Disallowed URLs in the ASM are URLs in your web application that are not allowed by the security policy. For example, if your web application is located at https://www.abc.com and you wanted to explicitly deny access to URL https://www.abc.com/hacker, then you could add that URL to your Disallowed URL list, and users would get blocked if they tried to access it (you would just add /hacker to your Disallowed URL list).

Depending on what you wanted to do, an iRule could achieve the same result, but it's always best to use the built-in functionality instead of an iRule whenever you can (it's more efficient that way).

Here's a link to an ASM article I wrote (it discusses URL configuration)...I hope it helps! https://devcentral.f5.com/articles/the-big-ip-application-security-manager-part-3-the-importance-of-file-types-parameters-and-urls

0
Comments on this Reply
Comment made 24-Apr-2014 by siyadh 148
Hi John, Thank you for your reply. Is it possible to block the URLs from specific source IP by using "Disallowed URL list"...?
0
Comment made 17-Oct-2017 by HG 341

Hi all. I was looking for something similar. I would like to allow access to a specific URL path coming from specific IP addresses. I'm not sure if this can be done by using ASM. Siyadh did you finally manage to find a solution regarding this case ?

0