Restriction on IP source AND uri dest

Question

Hello&nbsp;
&nbsp;I  need to limit the access to  some specific uri  containing    /wps/wcm/.*connect/iww_.    to   10.0.0.0/8  ip  range   : except  this specif web pages on Pool_WCM_Rendering_HTTP, all the website  has to be accessible  by anybody whatever his source ip.&nbsp;&nbsp;
&nbsp;for the time being, I'am using the following irule :&nbsp;
&nbsp;when HTTP_REQUEST {&nbsp;
&nbsp;if {[HTTP::host] equals "wcm.bureauveritas.com"} {
&nbsp;    pool Pool_WCM_Authoring_HTTP&nbsp;
&nbsp;  } else {
&nbsp;    pool Pool_WCM_Rendering_HTTP
&nbsp;  }
&nbsp;}&nbsp;&nbsp;&nbsp;&nbsp;
&nbsp;and I try now to implement something like :&nbsp;
&nbsp;when HTTP_REQUEST {&nbsp;
&nbsp;if {[HTTP::host] equals "wcm.bureauveritas.com"} {
&nbsp;    pool Pool_WCM_Authoring_HTTP&nbsp;
&nbsp;   } elseif { not [IP::addr [IP::client_addr]  10.0.0.0/8 ] AND [HTTP::uri] contains  "/wps/wcm/.*connect/iww_.*" } {
&nbsp;    reject
&nbsp;  }
&nbsp;    else {
&nbsp;    pool Pool_WCM_Rendering_HTTP
&nbsp;  }
&nbsp;}&nbsp;&nbsp;&nbsp;
&nbsp;but the syntax is not correct :  could you help me finding the correct syntaxt  ?  Is the best approach to filter as requested ?&nbsp;
&nbsp;Thanks &nbsp;
&nbsp;Stephane Creuze&nbsp;

marketcrash_746 · Answer

Stephane, 
&nbsp;  
&nbsp; I am not positive this is what you want, but this iRule should look for the extra wcm.bureauveritas.com, your regular expression, and the internal IP address range.  If all are true, then it will apply the rendering pool.  Elsewise, if it sees wcm.bureaveritas.com and nothing else it will send it down the other pool. 
&nbsp;  
&nbsp; when HTTP_REQUEST { 
&nbsp;  
&nbsp; if {[HTTP::host] equals "wcm.bureauveritas.com"} { 
&nbsp;     [IP::client_addr]  10.0.0.0/8 ] AND [HTTP::uri] contains  "/wps/wcm/.*connect/iww_.*" } { 
&nbsp;     pool Pool_WCM_Rendering_HTTP 
&nbsp;     } else { 
&nbsp;     pool Pool_WCM_Authoring_HTTP 
&nbsp;     } 
&nbsp; } 
&nbsp;  
&nbsp; Thanks, 
&nbsp;  
&nbsp; -Andrew

nitass · Answer

besides regex, you may use this string match. 
&nbsp;  
&nbsp; string match -nocase "/wps/wcm/*connect/iww_*" [HTTP::uri] 
&nbsp;  
&nbsp; just my 2c.

Forum Discussion

Restriction on IP source AND uri dest

2 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

Related Content

Office 365 Tenant Restrictions

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

F5 iRule Geolocation restriction

How to ensure source address and source port are accepted and traversed properly via F5 SNAT automap