security irule per domain

Question

hello,&nbsp;
&nbsp;i have a server that serves two domains.
&nbsp;lets say that the domain names are DomainA.com and DomainB.com
&nbsp;i want to build a security irule so that:
&nbsp;1. admins from certain IP's or networks will have unlimited access
&nbsp;2. public access to DomainA.com is allowed
&nbsp;3. certain paths (ie /database/) is blocked for public access on DomainA.com
&nbsp;4. public access to DomainB.com is forbidden (admin not included as mentioned in section 1)&nbsp;
&nbsp;thanks,
&nbsp;arnon

michael_yates · Answer

Hi bezeqint, 
  
 One way to do it would be to use Data Groups (Classes).  Something like this:

when HTTP_REQUEST {
switch -glob [string tolower [HTTP::host]] {
"*domaina.com" {
if { [match class [IP::client_addr]] equals allowedipaddresses } {
return
}
elseif { [HTTP::uri] contains "/database*" } {
HTTP::redirect "/"
}
}
"domainb.com" {
if { [match class [IP::client_addr]] equals allowedipaddresses } {
return
}
else {
reject
}
}
}
}

Create a Data Group that contains the allowed IP Addresses (or Subnets / Networks). 
  
 Hope this helps.

bezeqint · Answer

thanks!

Forum Discussion

security irule per domain

2 Replies

Recent Discussions

ASM - Parent policy vs OWASPcompliance

Rewrite uri translation not working

CONNECTION IS LOST DUE TO SELF IP IS DELIVERED

APM OCSP Responder Issues

no available managed rule groups for Israel il-central-1

Related Content

Using ChatGPT for security and introduction of AI security

Adaptive Apps: Replicate & deploy WAF application security policies across F5's security portfolio

Enriching AFM with public domain Threat Intelligence

Get Started with WAAP Security Incidents

ChatGPT and security - This Week in Security Feb 18th to Feb 25th, 2023