JamesR_40280
Apr 09, 2008
Nimbostratus
Restricting Access by IP to different web applications
We're using an HA pair of ASM-4100 devices to secure a web application. We have a good policy for outside users that restricts access to general areas. However, we also have internal staff that need access to administrative areas. We would like to allow those local users based on a class C IP address range (10.1.1.0) to access the site without the policy that is used by other users. I have tried enabling X-forwarded-for on the http class on the Virtual Server, and then attempting to find the local IP in the host with an HTTP Class Profile that will then send them to a less restrictive ASM class, but have not had any success. I'm not sure I'm giving the HTTP Class Profile the right code in the Hosts area. I'm using (regex) X-Forwarded-For:10.1.1*.
I've also used several other combinations of regular expressions and pattern strings with no success.
Is this a reasonable approach to what I'm trying to accomplish? I've seen the iRule samples for IP forwarding to different Virtual Servers, but I want the same virtual server to send traffic to one web application versus another. Also, I'm not sure how to adapt those samples to what we're trying to do.
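An added example, not part of the original post and not F5 code: it evaluates the pattern quoted above as a regular expression and compares it with a parsed-address check against the staff network, to show which values each accepts. Assumptions: Python's `re` semantics stand in for the device's matcher, the range in the post is read as 10.1.1.0/24, the function names are hypothetical, and the sample header lines are constructed.

```python
import ipaddress
import re

# Pattern exactly as quoted in the post, applied to a "Name:value" header line.
POSTED_PATTERN = re.compile(r"X-Forwarded-For:10.1.1*")

# Assumption: the "class C range (10.1.1.0)" in the post means 10.1.1.0/24.
STAFF_NET = ipaddress.ip_network("10.1.1.0/24")


def regex_allows(header_line: str) -> bool:
    """What the posted pattern accepts when run as an unanchored regex."""
    return POSTED_PATTERN.search(header_line) is not None


def cidr_allows(header_line: str) -> bool:
    """Parse the header value and test network membership instead."""
    name, sep, value = header_line.partition(":")
    if not sep or name.strip().lower() != "x-forwarded-for":
        return False
    # Assumption: when several addresses are listed, the last one is the
    # entry appended by the device directly in front of the application.
    candidate = value.split(",")[-1].strip()
    try:
        return ipaddress.ip_address(candidate) in STAFF_NET
    except ValueError:
        return False  # value is not an IP address at all


# Constructed sample header lines (not captured traffic).
SAMPLES = [
    "X-Forwarded-For:10.1.1.25",     # intended staff address
    "X-Forwarded-For:10.1.200.7",    # different /24; "1*" also matches zero 1s
    "X-Forwarded-For:10.111.4.9",    # "." in a regex matches any character
    "X-Forwarded-For:1091.example",  # not an address, still fits the pattern
    "X-Forwarded-For: 10.1.1.25",    # staff address with a space after the colon
]


def compare(lines=SAMPLES):
    """Return (line, accepted_by_regex, accepted_by_cidr) for each sample."""
    return [(line, regex_allows(line), cidr_allows(line)) for line in lines]


if __name__ == "__main__":
    for line, by_regex, by_cidr in compare():
        print(f"{line!r:34} regex={by_regex!s:5} cidr={by_cidr}")
```

The pattern as written accepts addresses outside the intended range and rejects a staff address that has whitespace after the colon, while the parsed check accepts only members of 10.1.1.0/24.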