Permitting and Denying in a irule

Question

Hello I need help to figure out how to permit an if in a irule, something like this...
when HTTP_REQUEST {
 if {([HTTP::host] equals "something.com") &amp;&amp; ( not [class match [IP::client_addr] equals /Partition/User1])} { 
    log local0. "Permit User1 [HTTP::host]/[HTTP::uri] from [IP::client_addr]" 
Command for Permit
} elseif {
([HTTP::host] equals "something.com") &amp;&amp; ( not [class match [IP::client_addr] equals /Partition/User2])} { 
log local0. "Permit User2 [HTTP::host]/[HTTP::uri] from [IP::client_addr]"

Command for Permit
} elseif {
    log local0. "Denying the Rest [HTTP::host]/[HTTP::uri] from [IP::client_addr]" 
    reject
}
}
Can someone give me a hint?

g__246_ran___19 · Accepted Answer

The right one...
when HTTP_REQUEST {
 if {([HTTP::host] equals "something.com") &amp;&amp; ( [class match [IP::client_addr] equals /Partition/User1])} { 
    log local0. "Permit User1 [HTTP::host]/[HTTP::uri] from [IP::client_addr]" 
Command for Permit
} elseif {
([HTTP::host] equals "something.com") &amp;&amp; ( [class match [IP::client_addr] equals /Partition/User2])} { 
log local0. "Permit User2 [HTTP::host]/[HTTP::uri] from [IP::client_addr]"

Command for Permit
} elseif {
    log local0. "Denying the Rest [HTTP::host]/[HTTP::uri] from [IP::client_addr]" 
    reject
}
}

g__246_ran___19 · Answer

Or Shod it be like this since there is two different responers?&nbsp;
when HTTP_REQUEST {
if { ([HTTP::host] equals "my.domain.com") &amp;&amp; ([string tolower [HTTP::uri]] contains "/selftest.aspx") &amp;&amp; (( not [class match [IP::client_addr] equals /Partition/Selftest_Users])} { 
    log local0. "Deny not KPA_Users [HTTP::host]/[HTTP::uri] from [IP::client_addr]" 
    set Responce_value "forward_notfound"
    return
  } elseif {
([HTTP::host] equals "my.domain.com") &amp;&amp; ([string tolower [HTTP::uri]] contains "/bolag") &amp;&amp; ( not [class match [IP::client_addr] equals /Partition/KPA_web_allowed_networks_Users])} { 
    log local0. "Deny not KPA_Users [HTTP::host]/[HTTP::uri] from [IP::client_addr]" 
    set Responce_value "forward_accessinfo"
    return
  } elseif {
([HTTP::host] equals "my.domain.com") &amp;&amp; ([string tolower [HTTP::uri]] contains "/pv/ui") &amp;&amp; ( not [class match [IP::client_addr] equals /Partition/KPA_Users])} { 
    log local0. "Deny not KPA_Users [HTTP::host]/[HTTP::uri] from [IP::client_addr]" 
    set Responce_value "forward_notfound"
    return
  } elseif {
    ( [class match -value $Responce_value equals forward_notfound] ) } {
HTTP::respond 301 Location "https://[HTTP::host]/NotFound.aspx"
  } elseif {
    ( [class match -value $Responce_value equals forward_accessinfo] ) } {
HTTP::respond 301 Location "https://[HTTP::host]/Accessinfo.aspx"
}
}&nbsp;

Forum Discussion

Permitting and Denying in a irule

2 Replies

Recent Discussions

Need advise to setup a policy on F5

F5 Rseries R2600 Tenant sizing

Can iRule mask the payload content on event logs of security

Pricing when used with aws waf

iRule help masking IBM host URL/URI

Related Content

iRules Style Guide

SAML IdP Initiated SSO Denied and Killing Existing Session established through OAuth

Hey ChatGPT, can you write iRules?

POC: Validate JWT with iRule

irule