Ert_27713
Jan 21, 2008 Nimbostratus
iRule ACL based on URI
Can someone help me with creating a rule that can filter URI access based on IP address?
Something like:
userIP1 can access /userDIR1
userIP2 can access /userDIR2
userIP3 can access /userDIR3
anyIP can access /publicDIR
default drop
Here is my stab at it, which doesn't work:
when CLIENT_ACCEPTED {
    if {[matchclass [IP::remote_addr] equals $::userIP1] and [HTTP::uri] equals /userDIR1} then {
        log local0.info "Allowed client to userIP1: [IP::remote_addr] requesting: [HTTP::uri]"
    } elseif {
    if {[matchclass [IP::remote_addr] equals $::userIP2] and [HTTP::uri] equals /userIP2} then {
        log local0.info "Allowed client to userIP2: [IP::remote_addr] requesting: [HTTP::uri]"
    } elseif {
    if {[matchclass [IP::remote_addr] equals $::userIP3] and [HTTP::uri] equals /userIP3} then {
        log local0.info "Allowed client to userIP3: [IP::remote_addr] requesting: [HTTP::uri]"
    } else {
    if {[HTTP::uri] equals /any}
    } else {
    default {
        drop
        log local0. "Dropped client [IP::remote_addr] requesting: [HTTP::uri]"
    }
    }
}
Thanks
Eric
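
One way to write the ACL described in the question, as an added example that is not part of the original post. It assumes address data groups named userIP1, userIP2 and userIP3 (the class names used in the post) and treats each directory as a path prefix; the dot-segment refusal is an added hardening assumption, not something the post asked for.

```tcl
# Added example, not the poster's code.
# Assumes address classes userIP1, userIP2, userIP3 already exist.
when HTTP_REQUEST {
    # HTTP::uri and HTTP::path are only available once the request has been
    # parsed, so the check runs in HTTP_REQUEST, not CLIENT_ACCEPTED.
    set client [IP::remote_addr]

    # Decode once so that %2e%2e cannot hide dot segments from the next test.
    set path [URI::decode [HTTP::path]]

    # Refuse dot segments: /userDIR1/../userDIR2 passes a prefix test for
    # /userDIR1/ but may resolve to a different directory on the server.
    if { $path contains ".." } {
        log local0.info "Dropped client $client requesting: [HTTP::uri] (dot segment)"
        drop
        return
    }

    # Default deny: allowed stays 0 unless a rule below sets it.
    set allowed 0
    switch -glob -- $path {
        "/publicDIR" -
        "/publicDIR/*" { set allowed 1 }
        "/userDIR1" -
        "/userDIR1/*" { set allowed [matchclass $client equals $::userIP1] }
        "/userDIR2" -
        "/userDIR2/*" { set allowed [matchclass $client equals $::userIP2] }
        "/userDIR3" -
        "/userDIR3/*" { set allowed [matchclass $client equals $::userIP3] }
    }

    if { $allowed } {
        log local0.info "Allowed client $client requesting: [HTTP::uri]"
    } else {
        log local0.info "Dropped client $client requesting: [HTTP::uri]"
        drop
    }
}
```

On versions where the `$::class` syntax is no longer appropriate, the same test can be written as `class match $client equals userIP1`.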