packet filter based on URL

Question

HI ALL ,&nbsp;
&nbsp;i have a web site published over the internet (ie  www.mysite.com)and i want to prevent access to some suburl (ie. www.mysite.com/admin)for this website to be accessed from outside how could i acheve this using eaither packet filtering or irule .&nbsp;
&nbsp;thank you . &nbsp;

chris_miller · Answer

Here's an iRule to accomplish it.

when HTTP_REQUEST {
   if { [HTTP::host] eq "www.mysite.com" and [HTTP::uri] starts_with "/admin" and ![class match [IP::client_addr] eq inside_addresses] } {
     discard }}

This requires that you create an address-type "datagroup" containing the IPs you want to allow. Let me know if you have any issues.

mbamusa_59409 · Answer

hi chris &nbsp;
&nbsp; thank you for your kind replay  &nbsp;&nbsp;
&nbsp; let's assume that 192.168.1.0/24 is the subnet which i want them to access the link and discard evrey thing else who we could write this ? &nbsp;
&nbsp;and what if the link is not like www.mysite.com/admin and it's like www.admin.mysite.com ?&nbsp;
&nbsp; regards

chris_miller · Answer

This should work.

when HTTP_REQUEST {
   if { [HTTP::host] eq "www.admin.mysite.com" and ![IP::addr [IP::client_addr]/24 eq 192.168.1.0] } {
     discard }}

Let me know if it doesn't.

Forum Discussion

packet filter based on URL

3 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Automating Packet Captures on BIG-IP

F5 packet buffer

iRule based RADIUS Client Stack

Packet Based LB vs Connection Based LB

Packet Tracing in BIG-IP AFM