Forum Discussion

Ricky_Encila_17
Jan 18, 2016

Restricting Traffic to IP Address and HTTP HOST

Datagroup:

    10.10.10.10, sample.com
    10.10.10.10, foobar.com
    10.10.10.11, foobar.com

Is there any suggestion how I can parse the datagroup in such a way that a specific IP Address can only access a specific URL based on the datagroup?

e.g.

10.10.10.10 will be allowed to access both sample.com & foobar.com

10.10.10.11 will be allowed to access foobar.com but not sample.com

2 Replies

  • Below is my existing iRule script:

    when HTTP_REQUEST {
        # Host header, lower-cased, with any :port suffix dropped
        set baseURL [string tolower [getfield [HTTP::host] ":" 1]]
        set sourceIP [IP::client_addr]
        if { ( not [class match -value $sourceIP eq MyDataGroup] ) eq "$baseURL" } {
            # $proto and $basePort are assumed to be set earlier in the rule (not shown here)
            HTTP::respond 405 content "405 - Access To Page Is Not Allowed\nThe requested page $proto://$baseURL:$basePort[HTTP::uri] is currently not Allowed by your Administrator.

    Please reach out to Helpdesk if you need further assistance."
            log local0. "Source IP [IP::client_addr] is currently BLOCKED for Accessing [HTTP::uri]"
            event disable all
        } else {
            log local0. "Source IP [IP::client_addr] was Allowed to Access $baseURL[HTTP::uri]"
        }
    }
  • A data-group is a hashmap; that is, a set of keys and associated values. The keys must be unique. You can, however, make the value into, say, a comma-delimited list, as in:

    10.10.10.10 := "sample.com,foobar.com",
    10.10.10.11 := "foobar.com"

    Your code, then, could use lsearch on a split (or, if you can guarantee non-overlap, you could use the contains operator, which is faster, but more likely to cause problems down the line).

    Here is a(n untested) sample:

    when RULE_INIT {
        set static::hmr_hosts_datagroup "dg-hostmatch"
    }

    when HTTP_REQUEST {
        set match_list [class match -value [IP::client_addr] equals $static::hmr_hosts_datagroup]
        if { $match_list eq "" or [lsearch [split $match_list ,] [string tolower [HTTP::host]]] == -1 } {
            HTTP::respond 405 content "... your content from above ..."
        }
    }

    I strongly recommend that you consider using High-Speed Logging rather than relying on syslog-ng via log. It may be faster, and more importantly, doesn't tie up local disk I/O cycles.
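The following is an added example, not code from either poster: a plain-Tcl (tclsh) model of the lookup the reply describes, so the two matching strategies can be tried side by side off the box. It first merges the question's one-pair-per-row listing into the comma-delimited form the reply proposes, then checks a client IP and Host header against it. A Tcl dict stands in for the data group (so it ignores the subnet matching an address-type data group gives you through class match), the Host header is a plain string instead of [HTTP::host], and the proc names and sample rows are constructed for this example.

```tcl
# Added example, not code from the thread: a plain-Tcl (tclsh) model of the
# data-group lookup. On a BIG-IP the dict lookup below would be
#   [class match -value [IP::client_addr] equals $static::hmr_hosts_datagroup]
# and the Host header would come from [HTTP::host]; proc names and sample rows
# are constructed for this example.

# 1. Merge the question's one-pair-per-row listing into the form the reply
#    proposes: one key per client IP, value = comma-delimited host list.
proc merge_rows {rows} {
    set lists [dict create]
    foreach row [split $rows "\n"] {
        set row [string trim $row]
        if {$row eq ""} continue
        lassign [split $row ","] ip host
        dict lappend lists [string trim $ip] [string tolower [string trim $host]]
    }
    set dg [dict create]
    dict for {ip hosts} $lists {
        dict set dg $ip [join $hosts ","]
    }
    return $dg
}

# Constructed input: the three rows from the question.
set dg_hostmatch [merge_rows {
    10.10.10.10, sample.com
    10.10.10.10, foobar.com
    10.10.10.11, foobar.com
}]

# 2. Normalise the Host header as the original iRule does: lower-case and drop
#    any :port (the iRule equivalent is [string tolower [getfield [HTTP::host] ":" 1]]).
proc normalize_host {hdr} {
    return [lindex [split [string tolower $hdr] ":"] 0]
}

# 3a. Safe check: exact membership test over the split list. -exact matters:
#     lsearch's default mode treats the needle as a glob pattern, so a
#     client-supplied Host header of "*" would otherwise match every entry.
proc host_allowed_exact {dg ip hdr} {
    if {![dict exists $dg $ip]} { return 0 }
    set allowed [split [dict get $dg $ip] ","]
    return [expr {[lsearch -exact $allowed [normalize_host $hdr]] != -1}]
}

# 3b. Substring check standing in for the iRule 'contains' operator, to show the
#     overlap problem the reply warns about: "bar.com" is inside "foobar.com".
proc host_allowed_contains {dg ip hdr} {
    if {![dict exists $dg $ip]} { return 0 }
    return [expr {[string first [normalize_host $hdr] [dict get $dg $ip]] != -1}]
}

# The cases from the question, plus a port-suffixed header, an unknown client,
# and the overlapping name on which the two checks disagree.
foreach {ip hdr} {
    10.10.10.10 Sample.com:443
    10.10.10.10 foobar.com
    10.10.10.11 foobar.com
    10.10.10.11 sample.com
    10.10.10.11 bar.com
    10.10.10.12 foobar.com
} {
    puts [format "%-12s %-16s exact=%d contains=%d" $ip $hdr \
        [host_allowed_exact $dg_hostmatch $ip $hdr] \
        [host_allowed_contains $dg_hostmatch $ip $hdr]]
}
```

Two details carry over to the real iRule: the reply's sample feeds [HTTP::host] straight into lsearch, so a request for sample.com:443 would not match the entry sample.com unless the port is stripped first as the original rule does, and the reply's bare lsearch runs in glob mode, so -exact is the form to use when the needle comes from the client.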