Source IP and HTTP path restriction via iRule or LTM policy
I am trying to figure out the best way to accomplish the below scenario so any help you can provide would be greatly appreciated.
I would like to be able to allow and block certain IPs and HTTP paths to a VS.
1. If a list of source IPs is found then allow full access
2. If source IP is not found on above list then block the below HTTP paths from all other source IPs
/maintenancepagedev/swagger/*
/maintenancepagedev/api/remove/*
/maintenancepagedev/api/update/*
/maintenancepagedev/api/set/*
/treecoupondev/*
3. Ensure that all other HTTP paths not defined in step 2 are allowed access.
I have used iRules in the past to accomplish number 1 and 2 separately but never done them together. I am aware that I can use a datagroup list and reference that in both an iRule and an LTM policy.
I have been trying to create an LTM policy that will do this but don't think I have the logic figured out. Here is what I have so far. If it makes more sense to do an iRule, if possible can you provide an example to show me the if/else logic, which is what I am struggling with?
LTM policy is set to Strategy of all
Rule 1:
Rule 2:
Rule 3:
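
An added example, not part of the original post: one way to express steps 1 to 3 as a single iRule. The data group names allowed_src_dg and blocked_paths_dg are hypothetical, and HTTP::path -normalized is assumed to be supported by the TMOS version in use.

```tcl
# Added example (not from the original post).
# Assumed, hypothetical data groups:
#   allowed_src_dg   - type Address: source IPs/subnets that get full access
#   blocked_paths_dg - type String, lowercase path prefixes:
#       /maintenancepagedev/swagger/
#       /maintenancepagedev/api/remove/
#       /maintenancepagedev/api/update/
#       /maintenancepagedev/api/set/
#       /treecoupondev/
when HTTP_REQUEST {
    # Step 1: allow-listed sources skip every path check.
    if { [class match [IP::client_addr] equals allowed_src_dg] } {
        return
    }

    # Compare against the normalized, lowercased path so that encoded
    # characters, "/../" segments or mixed case do not slip past the
    # prefix match. (-normalized is assumed available on this TMOS version.)
    set path [string tolower [HTTP::path -normalized]]

    # Step 2: everyone else is refused on the restricted prefixes.
    if { [class match $path starts_with blocked_paths_dg] } {
        log local0.notice "Restricted path refused: [IP::client_addr] $path"
        HTTP::respond 403 content "Forbidden" "Connection" "close"
        return
    }

    # Step 3: any other path falls through to the virtual server's
    # default pool with no further action.
}
```

IP::client_addr is the address of the connecting peer, so if another proxy or SNAT device sits in front of the VS, every client will appear as that device's address and the allow list will not distinguish them.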