Forum Discussion

noor_dawood_246
Jul 08, 2018

Help with IRule

Hi Community, I need your help with an iRule. My target is to deny access to certain paths in a URL from the internet and allow it from the internal LAN network, which is obviously a private network. Examples of my links which should not be accessed from the internet but allowed from the LAN: 1- https://xxx.xxx.xx/admin, 2- https://xxx.xxx.xx/accounts and 3- https://xxx.xxx.xx/console.

Regards Nour

2 Replies

  • Surgeon
    Ret. Employee

    You can try something like

    when HTTP_REQUEST {
        # Match the protected path (HTTP::path always starts with "/"), and check the
        # client address against an address-type data group of internal subnets.
        if { [string tolower [HTTP::path]] starts_with "/admin" and not [class match [IP::client_addr] equals private_net] } {
            drop
        }
    }

    Where private_net is an address data group with the list of your internal subnets.

    The action depends on your business needs. In that case BIG-IP will drop the connection.
  • Hi Noor,

    I have voluntarily made an inconvenient iRule 🙂 to allow you to increase your skills/competence on the subject. So as you can notice, I don't use a DataGroup; that will allow you to set all your internal networks and forbidden paths directly in the iRule.

    I use a multivalue variable using the "array" command. You can add or remove entries in the array command.

    So if you need more details or additional information, keep me updated. It is important for you to understand and then update the iRule alone to meet your needs. So just let me know if you understand and if it's working.

    when HTTP_REQUEST {

        set uri [string tolower [HTTP::uri]]
        set clientip [IP::client_addr]
        set path_status 0
        set ip_status 0

        # You can add more URIs as described before
        array set forbiden_path {
            admin "/admin"
            accounts "/accounts"
            console "/console"
        }

        # For the internal check I set all internal IP ranges using RFC 1918
        array set internal_net {
            internal1 "10.0.0.0/8"
            internal2 "172.16.0.0/12"
            internal3 "192.168.0.0/16"
        }

        # I check if the URI is forbidden
        # ("contains" matches the string anywhere in the URI, query string included)
        foreach path [array names forbiden_path] {
            if {$uri contains $forbiden_path($path)} {
                set path_status 1
            }
        }

        # I check if the client network is internal
        # (IP::addr compares against the CIDR range; a plain string "eq" would never match)
        foreach ip [array names internal_net] {
            if {[IP::addr $clientip equals $internal_net($ip)]} {
                set ip_status 1
            }
        }

        # I drop if the client is not internal and the path is forbidden
        if {$path_status && !$ip_status} {
            drop
        }
    }
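    Combining the two answers above, as an added example that is not from either reply: a prefix match on HTTP::path with switch -glob (so a URI that merely contains the word, or carries it in the query string, is not flagged) plus an address data group lookup for the internal subnets. It assumes an address-type data group named internal_nets (holding the RFC 1918 ranges) exists on the BIG-IP, and it logs and answers 403 instead of dropping silently.

```tcl
# Added example (not from the original thread). Assumes an address-type data group
# "internal_nets" exists on the BIG-IP, e.g. 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16.
when HTTP_REQUEST {
    # HTTP::path excludes the query string, so "?x=/admin" cannot trigger a false match;
    # lower-casing stops "/Admin" from slipping past the comparison.
    set path [string tolower [HTTP::path]]

    # Only the protected prefixes (the path itself or anything beneath it) are restricted.
    switch -glob -- $path {
        "/admin" - "/admin/*" -
        "/accounts" - "/accounts/*" -
        "/console" - "/console/*" {
            set restricted 1
        }
        default {
            set restricted 0
        }
    }

    if { $restricted } {
        # class match with an address data group does a subnet lookup, so the client
        # address only has to fall inside one of the listed ranges.
        if { [class match [IP::client_addr] equals internal_nets] } {
            return
        }
        # Log the rejected request so it shows up in /var/log/ltm, then answer 403
        # so the client gets a definite response instead of a hanging connection.
        log local0. "Blocked external access to $path from [IP::client_addr]"
        HTTP::respond 403 content "Forbidden" "Content-Type" "text/plain" "Connection" "close"
    }
}
```

    IP::client_addr is the address of the TCP peer, so if another proxy or load balancer sits in front of the BIG-IP every request will appear to come from that proxy and the check must be applied where the true client address is visible.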