raytoles_75680
Jun 25, 2009
Nimbostratus
Access control iRule
We've written an iRule to deny access to a few uri(s). iRules are fairly new to us and we want to make sure we're writing our iRule in the most efficient way possible. Based on the client ip/network (internal network users require access) and the uri we want to protect a list of uri(s). We've created two data group lists, allowed_admin_datagroup and denied_admin_datagroup. The allowed list includes the list of network subnets we want to allow access. The denied list includes a list of uri(s) we want to protect.
when HTTP_REQUEST {
    # Only clients outside the allowed subnets are subject to the URI check
    if { not [matchclass [IP::client_addr] equals $::allowed_admin_datagroup] } {
        # Block the request when the URI is in the protected list
        if { [matchclass [HTTP::uri] equals $::denied_admin_datagroup] } {
            HTTP::respond 200 content "Not AllowedYou are not allowed to access this site!"
            log local0. "URI requested by [IP::client_addr] blocked. URI requested = [HTTP::uri]"
        }
    }
}
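
A hardened variant of the rule above, added here as an example and not part of the original post. It assumes BIG-IP v10 or later (for `class match`; on v9 keep `matchclass` and `$::name`) and that denied_admin_datagroup holds lower-case path prefixes such as /admin. It matches on the normalised path instead of the raw URI, so a request that differs from a protected entry only by query string, letter case or percent-encoding is still covered, and it answers 403 rather than 200.

```tcl
when HTTP_REQUEST {
    # Normalise once: HTTP::path drops the query string, URI::decode undoes
    # one level of percent-encoding, and tolower makes the match case-insensitive.
    set path [string tolower [URI::decode [HTTP::path]]]

    # Test the path first: requests for unprotected paths leave after a
    # single data group lookup and never reach the address check.
    if { [class match $path starts_with denied_admin_datagroup] } {

        # Protected path: only the listed internal subnets may pass.
        if { not [class match [IP::client_addr] equals allowed_admin_datagroup] } {

            # Log the raw host and URI so the blocked request can be reviewed later.
            log local0. "Blocked [IP::client_addr] -> [HTTP::host][HTTP::uri]"

            # 403 tells clients, scanners and log analysis that access was
            # refused; a 200 body would be recorded as a successful request.
            HTTP::respond 403 content "Not Allowed. You are not allowed to access this site!" "Content-Type" "text/plain"
            return
        }
    }
}
```

Prefix matching with starts_with is broader than the equals comparison in the post: an entry of /admin also covers /admin/users, so keep the data group entries as specific as the protected area requires.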