Forum Discussion

VRI_341747
Apr 05, 2018

Access Control to URI based on IP with logging

I found a script to block access to a URI based on an IP address list and modified it to allow multiple URIs. I need some way to add logging so I can see what IP addresses are getting blocked. If anyone has a better script, I'm open to suggestions. I'm very new to iRules so any help is much appreciated.

Here's the script

when HTTP_REQUEST {
    # URI must match an entry in the ibp-uri data group
    if { [class match [HTTP::uri] equals ibp-uri] } then {
        # Client address must match an entry in the ifbyphone data group
        if { [class match [IP::client_addr] equals ifbyphone] } then {
            # Let the request pass...
        } else {
            HTTP::respond 403 content "Access Denied"
        }
    } else {
        # Let the request pass...
    }
}

1 Reply

  • Hello,

    You can just add a log command in order to send the logs you define to /var/log/ltm. These logs are sent to your syslog server if you configure it. Then you can just enter the following command in order to retrieve all blocked users:

    more /var/log/ltm | grep 'Blocked'

    or (for gz file)

    zcat /var/log/ltm.1.gz | grep 'Blocked'

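    when HTTP_REQUEST {
        # URI must match an entry in the ibp-uri data group
        if { [class match [HTTP::uri] equals ibp-uri] } {
            # Client address must match an entry in the ifbyphone data group
            if { [class match [IP::client_addr] equals ifbyphone] } {
                # Let the request pass...
            } else {
                HTTP::respond 403 content "Access Denied"
                # Written to /var/log/ltm
                log local0. "Blocked IP: [IP::client_addr]"
            }
        } else {
            # Let the request pass...
        }
    }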
    

    If you want to send these logs directly to your Syslog server you can use HSL (better performance). And you can easily set notifications for this use case.

    Regards
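
The HSL option mentioned in the reply, as an added example that is not part of the original thread: the same data-group check, with each denial sent straight to a syslog pool instead of /var/log/ltm. The pool name `syslog_pool` and the UDP transport are assumptions; the extra URI and virtual server fields are additions to the reply's message.

```tcl
# Added example, not code from the thread.
# Assumption: "syslog_pool" is a hypothetical LTM pool whose members are
# your syslog servers listening on UDP. The data groups ibp-uri and
# ifbyphone are the ones used in the posts above.

when CLIENT_ACCEPTED {
    # One HSL handle per client connection, reused for every request on it
    set hsl [HSL::open -proto UDP -pool syslog_pool]
}

when HTTP_REQUEST {
    # Only URIs listed in ibp-uri are restricted; everything else passes
    if { [class match [HTTP::uri] equals ibp-uri] } {
        # Deny any client that is not in the ifbyphone address list
        if { not [class match [IP::client_addr] equals ifbyphone] } {
            # <134> is the syslog priority for facility local0 (16 * 8)
            # plus severity informational (6)
            HSL::send $hsl "<134>Blocked IP: [IP::client_addr] URI: [HTTP::uri] VS: [virtual name]\n"
            HTTP::respond 403 content "Access Denied"
        }
    }
}
```

The message keeps the "Blocked IP:" prefix, so the same grep for 'Blocked' works on the syslog server side.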