help with irule

Question

Hi,&nbsp;
I need to write irule that 
1. drop connection to uri that contain "wp-admin" "login" "mydb" from specific ip address
2. allow access to uri that contain "admin-ajax.php"&nbsp;
This is the irule i wrote:
when HTTP_REQUEST {&nbsp;
check the Class to determine if it's not allowed
deny access to wordpress /admin and /login from external ip address
Allow only My ip address to connect wordpress /admin and /login
Allow access to any host that contains "admin-ajax.php"
if {[HTTP::uri] contains "admin-ajax.php"} {
log local0. "admin-ajax request accepted from client: [IP::client_addr]"&nbsp;
} elseif {[HTTP::uri] contains "wp-admin" || [HTTP::uri] contains "login" || [HTTP::uri] contains "mydb"} {
if {not[class match [IP::client_addr] equals Technion_ip_Address] } {
log local0. "dropped connection My ip address[IP::client_addr]"
} else {
  reject 
}
}
}&nbsp;
Unfortunately the irule does not work, after the first if everything pass.&nbsp;
Suggestions please&nbsp;
Regards
Rafi&nbsp;

youssef1 · Answer

Hi,
you can begin with this irule then let me now if you need some update:
when HTTP_REQUEST {
    if { !([IP::client_addr] equals "10.0.0.8" ) } {

if { ([string tolower [HTTP::uri]] contains "admin" || [string tolower [HTTP::uri]] contains "login") &amp;&amp; !([string tolower [HTTP::uri]] contains "admin-ajax.php") } {
            drop
        }

} 
}

Of course change "10.0.0.8" by your IP.

Forum Discussion

help with irule

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

iRules Style Guide

Hey ChatGPT, can you write iRules?

POC: Validate JWT with iRule

irule

Avoiding Common iRules Security Pitfalls