parvez_70211
Apr 10, 2017Nimbostratus
Using X-Forwarded-for to block Clients based on URI information
I have task to block client IP's based on URI information but the catch here is that the actual IP's are present on HTTP header (X-forwarded-For) which are all coming from Akamai.
Eg: I have approx 40 IP's which needs to be allowed to access any URI that starts with "/en_US/HHCM*". Rest needs to be blocked.
";
I had written an irule to block directy the IP but I need to modify it. Can you help?
when HTTP_REQUEST {
Check for requests to the restricted URI
if { [string tolower [HTTP::uri]] starts_with "/en_US/HHCM"} {
Check if the client IP is not in the allowed clients data group
if {[class match [IP::client_addr] equals AllowList]}{
log local0. "dropped [IP::client_addr]"
Reset the connection
drop
}
}
}