Eric_Chung_1045
Dec 13, 2006Nimbostratus
Restrict specific IPs to specific URI
I am now studying a configuration to allow specific client IP to access specific URI under the same URL and I have drafted the configuration below:
if (http_host == "www.abc.com") {
if (http_uri starts_with "/AAA/Production"
or http_uri starts_with "/AAA/Current/"
or http_uri starts_with "/AAA/Doc/"
or http_uri starts_with "/AAA/help"
or http_uri starts_with "/AAA/up/") {
use pool weblogicHTTPS8011
}
elseif (http_uri starts_with "/testing/testing.jsp" ) {
if (client_addr == "xxx.xxx.xxx.xxx"
or client_addr == "xxx.xxx.xxx.xxx"
or client_addr == "xxx.xxx.xxx.xxx"
or client_addr == "xxx.xxx.xxx.xxx"
or client_addr == "xxx.xxx.xxx.xxx"
or client_addr == "xxx.xxx.xxx.xxx"
or client_addr == "xxx.xxx.xxx.xxx"
or client_addr == "xxx.xxx.xxx.xxx"
or client_addr == "xxx.xxx.xxx.xxx"
or client_addr == "xxx.xxx.xxx.xxx"
or client_addr == "xxx.xxx.xxx.xxx") {
use pool weblogicHTTPS8011
}
else {
log "client" + client_addr + ";" + client_port + http_uri + "denied"
discard
}
}
else {
log "client" + client_addr + ":" + client_port + http_uri + "denied"
discard
}
}
else {
log "client" + client_addr + ":" + client_port + http_uri + "denied"
discard
}
I use the iRule Editor to generate this configuration. However, the BIGIP we are using is 4.6.2.
As the BIGIP is in production, can anyone help me to check whether the configuration is matched with v4.6.2? Thanks.
Regards,
Eric HK Chung