
Cleiton_Lobo_de
Sep 20, 2019

Allow access to a specific internet URL

I need help creating a policy or iRule:

How to allow access to a specific URL from the internet:

https://abc.domain.com/marketplace-app/#/

And allow all other URLs for the internal network only.

For example:

https://abc.domain.com/lookfeel

https://abc.domain.com/marketing

Regards,

Cleiton

4 Replies

  • Hi,

    Try this iRule.

    You can also use DG for Internal source IP and URL...

    when CLIENT_ACCEPTED {
        set internal 0

        # check if the user comes from the internal network
        if { [IP::addr [IP::client_addr] equals 10.0.0.0/8] } {
            set internal 1
        }
    }

    when HTTP_REQUEST {
        if { $internal } {
            # allow all access from the internal network
        } else {
            # the "#/" fragment is never sent to the server, so match on the path only
            if { !([string tolower [HTTP::uri]] starts_with "/marketplace-app/") } {
                # external clients may only access the marketplace URL
                drop
            }
        }
    }

    regards

  • Sorry I did not explain correctly ...

    The URL https://abc.domain.com/marketplace-app/#/ must be accessed from both the external and internal networks.

    Other URLs can be accessed only from the internal network (10.0.0.0/8).

    Examples:

    https://abc.domain.com/lookfeel

    https://abc.domain.com/Marketing

    Help me please!


    • DanS92

      You can create a VIP that is only used for traffic coming from 10.0.0.0/8 that looks like this:

       

       

      This VIP will get all traffic from 10.0.0.0/8. Then you'll create another VIP that doesn't specify Source Address, that will handle all other traffic to that IP.

       

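      On the VIP that handles all non-10.0.0.0/8 traffic, use this:

      when HTTP_REQUEST {
          # HTTP::uri begins with "/" and is lowercased here, so the patterns must be too
          switch -glob [string tolower [HTTP::uri]] {
              "/lookfeel*" -
              "/marketing*" {
                  # block these internal-only paths for external clients
                  drop
              }
          }
      }
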

  • iRule update:

    when CLIENT_ACCEPTED {
        set internal 0
        # check if the user comes from the internal network
        if { [IP::addr [IP::client_addr] equals 10.0.0.0/8] } {
            set internal 1
        }
    }

    when HTTP_REQUEST {
        if { $internal } {
            # allow access to all directories from the internal network, including /marketplace-app/
        } elseif { [string tolower [HTTP::uri]] starts_with "/marketplace-app/" } {
            # allow access to /marketplace-app/ from external (the "#/" fragment is never sent to the server)
        } else {
            drop
        }
    }

    keep me in touch

    regards
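
The first reply mentions that data groups (DG) can hold the internal source addresses and the allowed URLs. One way that could look, as an added example that is not part of any reply in this thread; the data group names `internal_nets_dg` and `public_paths_dg` are assumptions and have to be created on the BIG-IP first:

```tcl
# Added example, not code from the thread.
# Assumed data groups (hypothetical names):
#   internal_nets_dg : address-type data group, e.g. containing 10.0.0.0/8
#   public_paths_dg  : string-type data group, e.g. containing /marketplace-app/
when CLIENT_ACCEPTED {
    # Decide once per connection whether the client is on an internal network
    set internal [class match [IP::client_addr] equals internal_nets_dg]
}

when HTTP_REQUEST {
    if { $internal } {
        # Internal clients may reach every path
        return
    }

    # HTTP::path excludes the query string. The "#/" part of the browser URL
    # is a fragment and is never sent to the BIG-IP, so only the path is matched.
    set path [string tolower [HTTP::path]]

    # A prefix match alone would accept /marketplace-app/../lookfeel,
    # so refuse dot-segments (raw or percent-encoded) from external clients.
    if { [string match "*..*" $path] || [string match "*%2e*" $path] } {
        drop
        return
    }

    if { [class match $path starts_with public_paths_dg] } {
        # External clients may reach only the published paths
        return
    }

    # Everything else is internal-only
    drop
}
```

Adding a network or publishing another path then only means editing the data group, not the iRule.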