Chris_Baiocchet
Dec 24, 2018

iRule to block access to a URI based on IP Address

Hello all,

I have a public-facing website. I want to block access to a specific URI if a requesting client is not within our internal network; redirecting the client to the main page of the site. But it is not working, and I can't figure out why. The code I currently have is:

when HTTP_REQUEST {
    log local0. "Request from [IP::client_addr] URI: [HTTP::uri]"
    if { [string tolower [HTTP::uri]] contains "/agenthub/agentPiped" } {
        if { [class match [IP::client_addr] equals ALLOWED_INTERNAL_IP_ADDRESSES ] } {
            log local0. "Request from [IP::client_addr] URI: [HTTP::uri] matched /agentPiped"
            pool VFCFPROD_HTTP
        } else {
            log local0. "Request from [IP::client_addr] address not found in ALLOWED_INTERNAL_IP_ADDRESSES"
            HTTP::redirect "https://www.XYZ.com"
        }
    }
}

Looking in the LTM log, I only see a log entry generated by the first log local0 command of the irule:

It does not look as though external traffic ever hits the second log local0 command, so it appears that none of the subsequent conditions are getting hit, but I don't understand why. Any suggestions would be greatly appreciated.

2 Replies

  • It looks like you have an "if" statement that has "string tolower" in it. That converts all of the uri to lower case. You are then trying to see if it contains "/agenthub/agentPiped", which has an uppercase "P" in it. That uppercase "P" will not ever be there since you just converted it to all lower case.

    Hope that helps!

    -Dylan

    • Chris_Baiocchet

      It was right there in front of me the whole time. Fixed the case, and iRule is working as expected.

      Many thanks, Dylan.
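
For reference, the rule from the question with the case mismatch resolved, as an added example that is not code posted by either participant. It assumes the fix was to lowercase the comparison literal; the data group, pool and redirect target are the names used in the original post.

```tcl
# Added example (not from the thread): the posted rule with the literal lowercased.
# ALLOWED_INTERNAL_IP_ADDRESSES, VFCFPROD_HTTP and the redirect URL come from the
# original post; uri_lc is a variable name introduced here for illustration.
when HTTP_REQUEST {
    log local0. "Request from [IP::client_addr] URI: [HTTP::uri]"

    # Lowercase the URI once. Every literal compared against uri_lc must itself
    # be all lowercase, otherwise the test can never be true.
    set uri_lc [string tolower [HTTP::uri]]

    if { $uri_lc contains "/agenthub/agentpiped" } {
        if { [class match [IP::client_addr] equals ALLOWED_INTERNAL_IP_ADDRESSES] } {
            # Internal client: log the original (un-lowercased) URI and forward.
            log local0. "Request from [IP::client_addr] URI: [HTTP::uri] matched /agentPiped"
            pool VFCFPROD_HTTP
        } else {
            # External client: send back to the main page.
            log local0. "Request from [IP::client_addr] address not found in ALLOWED_INTERNAL_IP_ADDRESSES"
            HTTP::redirect "https://www.XYZ.com"
        }
    }
}
```

Keeping the `string tolower` on the request side and lowercasing the literal means any mixed-case spelling of the path in a request is still caught by the restriction.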