Hi Noor,
I have voluntarily made an inconvenient iRule 🙂 to allow you to increase your skills/competence on the subject.
So, as you may have noticed, I don't use a DataGroup; that will allow you to set all your internal networks and forbidden paths directly in the iRule.
I use a multivalue variable using the "array" command. You can add or remove entries in the array command.
So if you need more details or additional information, keep me updated. It is important for you to understand and then update the iRule alone to meet your needs. So just let me know if you understand and if it's working.
when HTTP_REQUEST {
    set uri [string tolower [HTTP::uri]]
    set clientip [IP::client_addr]
    set path_status 0
    set ip_status 0

    # You can add more URIs as described before
    array set forbiden_path {
        admin "/admin"
        accounts "/accounts"
        console "/console"
    }

    # For the internal check I set all internal IPs using RFC 1918
    array set internal_net {
        internal1 "10.0.0.0/8"
        internal2 "172.16.0.0/12"
        internal3 "192.168.0.0/16"
    }

    # I check if the URI is forbidden
    foreach path [array names forbiden_path] {
        if {$uri contains $forbiden_path($path)} {
            set path_status 1
        }
    }

    # I check if the client network is internal.
    # IP::addr does the subnet comparison; a string "eq" between an
    # address and a CIDR such as 10.0.0.0/8 would never be true.
    foreach ip [array names internal_net] {
        if {[IP::addr $clientip equals $internal_net($ip)]} {
            set ip_status 1
        }
    }

    # I drop if the client is not internal and the path is forbidden
    if {$path_status && $ip_status == "0"} {
        drop
    }
}
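
Added example, not part of the original post: the same rule written with data groups, the alternative the post mentions but does not use. The data group names internal_net_dg and forbidden_path_dg are hypothetical and must be created on the BIG-IP before the iRule is attached.

```tcl
# Added example (not the poster's code): same access rule using data groups.
# Assumed, hypothetical data groups:
#   internal_net_dg    (type Address): 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
#   forbidden_path_dg  (type String):  /admin, /accounts, /console
when HTTP_REQUEST {
    set uri [string tolower [HTTP::uri]]

    # With an Address data group, "equals" performs subnet matching,
    # so no loop over the networks is needed.
    set is_internal [class match [IP::client_addr] equals internal_net_dg]

    # True when the URI contains any entry of the String data group,
    # mirroring the "contains" test of the array-based iRule.
    set is_forbidden [class match $uri contains forbidden_path_dg]

    # Drop only when a forbidden path is requested from a non-internal client
    if {$is_forbidden && !$is_internal} {
        log local0. "Dropped [IP::client_addr] requesting [HTTP::uri]"
        drop
    }
}
```

With this layout, networks and paths are added or removed in the data groups without editing the iRule.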