Irule ACL based on URI

Can someone help me with creating a rule that can filter URI access based on IP address.

 

 

Something like

 

 

userIP1 can access /userDIR1

 

userIP2 can access /userDIR2

 

userIP3 can access /userDIR3

 

anyIP can access /publicDIR

 

default drop

 

 

Here is my stab at it, that doesn't work:

 

 

when CLIENT_ACCEPTED {

 

if {[matchclass [IP::remote_addr] equals $::userIP1] and [HTTP::uri] equals /userDIR1} then {

 

log local0.info "Allowed client to userIP1: [IP::remote_addr] requesting: [HTTP::uri]"

 

} elseif {

 

if {[matchclass [IP::remote_addr] equals $::userIP2] and [HTTP::uri] equals /userIP2} then {

 

log local0.info "Allowed client to userIP2: [IP::remote_addr] requesting: [HTTP::uri]"

 

} elseif {

 

if {[matchclass [IP::remote_addr] equals $::userIP3] and [HTTP::uri] equals /userIP3} then {

 

log local0.info "Allowed client to userIP3: [IP::remote_addr] requesting: [HTTP::uri]"

 

} else {

 

if {[HTTP::uri] equals /any}

 

} else {

 

default {

 

drop

 

log local0. "Dropped client [IP::remote_addr] requesting: [HTTP::uri]"

 

}

 

}

 

}

 

 

 

Thanks

 

 

Eric