Forum Discussion
4 Replies
- youssef1Cumulonimbus
Hi,
try this irule.
You can also use DG for Internal source IP and URL...
when CLIENT_ACCEPTED { set internal 0 # check if user come from internal network if {not [IP::addr [IP::client_addr] equals 10.0.0.0/8]} { set internal 1 } } when HTTP_REQUEST { if {$internal} { # allow all. access from internela network } else { if { !([string tolower [HTTP::uri]] starts_with "/marketplace-app/#/") }{ # allow only access to marketplace url from internal drop } } }
regards
- Cleiton_Lobo_deNimbostratus
Sorry I did not explain correctly ...
The URL https://abc.domain.com/marketplace-app/#/ Must be accessed from both the external and internal networks.
Other URLs can be accessed only from internal network (10.0.0.0/8)
examples:
https://abc.domain.com/lookfeel
https://abc.domain.com/Marketing
help me please!
- DanS92Cirrus
You can create a VIP that is only used for traffic coming from 10.0.0.0/8 that looks like this:
This VIP will get all traffic from 10.0.0.0/8. Then you'll create another VIP that doesn't specify Source Address, that will handle all other traffic to that IP.
On the VIP that handles all non 10.0.0.0/8 traffic, use this:
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::uri]] {
"lookfeel*" -
"Marketing**" {
drop }
}
}
- youssef1Cumulonimbus
Irule Update:
when CLIENT_ACCEPTED { set internal 0 # check if user come from internal network if {not [IP::addr [IP::client_addr] equals 10.0.0.0/8]} { set internal 1 } } when HTTP_REQUEST { if {$internal} { # allow acess to all directory from internela network only including /marketplace-app/ } elseif { [string tolower [HTTP::uri]] starts_with "/marketplace-app/#/" }{ # allow access to /marketplace-app/ from external } else { drop } }
keep me in touch
regards