Nimbostratus
Is it possible to block a specific URI from the Internet? Example, if http://abc.com is Internet facing... would it be possible to block only http://abc.com/xyz and allow any other URI? The other question is ... would it then also be possible to allow http://abc.com/xyz to our Internal customers?
Thanks in advance for any information... it is much appreciated!
Best Regards,
Eddie
Nimbostratus
Sure you can do that. This example just redirects the request back to the root directory, but you could drop the request or return a sorry page or anything you want when the even is triggered.
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/xyz" } {
HTTP::redirect "http://[getfield [HTTP::host] ":" 1]/"
}
}
You could do it based on the incoming Client IP Address, but it would require that you build a list of subnets to compare against. For this I would suggest using a Data Group.
If you need help with that just let us know.
NimbostratusNimbostratus
Is there a way to use the I_rule mentioned above and add a single IP for access?
Thanks!
-Eddie
Nimbostratus
But if you wanted to do it all in the same place you could do something like this:
Create a Data Group "AllowedSubnets" that contains the subnets / IP Addresses that you want to be allowed to access this location.
Then create an iRule like this (This iRule uses "class match" which is a v10.x.x method. If you have v9.x.x you can use "matchclass" and access the datagroup as "$::AllowedSubnets" instead of "AllowedSubnets")
when HTTP_REQUEST {
if { ([HTTP::uri] starts_with "/xyz") and !([class match [IP::remote_addr] equals AllowedSubnets]) } {
HTTP::redirect "http://[getfield [HTTP::host] ":" 1]/"
}
}
This logic requires two parts. The URI must start with "/xyz" and the Client IP Address is not in the allowed list. Then they will be redirected.
If the URI does not match or if the URI does match and the Client IP Address is in the allowed list, then the traffic will flow through normally without being redirected.