Forum Discussion

Tony2020
May 25, 2017

Better way to match different URI based on XFF and different data group with IP

Hi All,

I was wondering if anyone can point out or suggest a better or more efficient way to put the two pieces of logic together in this code.

Data group:

  1. Data group with IP 1.1.1.1/32 & 1.1.1.2/32 & 5.5.5.0/24 called "DG-XFF-EXTERNAL-ALLOWED-IP"
  2. Data group with IP 2.2.2.1/32 and 2.2.2.2/32 called "DG-XFF-INTERNAL-ALLOWED-IP"

Requirement:

  1. If the external user's IP is in "DG-XFF-EXTERNAL-ALLOWED-IP" and they go to URI "/externalURI", they are allowed in based on XFF IP matching; otherwise they will be rejected.

  2. If the user's IP is in "DG-XFF-INTERNAL-ALLOWED-IP" and they go to URI "/internalURI", they are allowed in based on XFF IP matching; otherwise they will be rejected.

iRule:

when HTTP_REQUEST {

    # First address in X-Forwarded-For (the header is comma-separated,
    # so split on "," rather than on a space)
    set CHECK_IP [string trim [getfield [HTTP::header "X-Forwarded-For"] "," 1]]

    switch -glob [HTTP::uri] {
        "/externalURI" {
            if { ! ([class match $CHECK_IP eq DG-XFF-EXTERNAL-ALLOWED-IP]) } {
                reject
            }
        }
    }

    switch -glob [HTTP::uri] {
        "/internalURI" {
            if { ! ([class match $CHECK_IP eq DG-XFF-INTERNAL-ALLOWED-IP]) } {
                reject
            }
        }
    }
}

Thank you!

1 Reply

  • JG

    Try this modified one:

    when HTTP_REQUEST {
        foreach CHECK_IP [split [string map [list " " ""] [HTTP::header "X-Forwarded-For"]] ","] {
            switch -glob [string tolower [HTTP::path]] {
                "/externaluri" {
                    if { ! ([class match $CHECK_IP eq DG-XFF-EXTERNAL-ALLOWED-IP]) } {
                        reject
                    }
                }
                "/internaluri" {
                    if { ! ([class match $CHECK_IP eq DG-XFF-INTERNAL-ALLOWED-IP]) } {
                        reject
                    }
                }
                default {
                }
            }
        }
    }
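A variant that also covers the parts the thread leaves open, written here as an added example rather than code from the original post or from JG's reply: the path-to-data-group mapping in one switch instead of one per path, X-Forwarded-For parsed as the comma-separated list it is (a missing header and multiple header instances included), and, because any client can put whatever it likes in its own X-Forwarded-For, the address that gets authorised is the nearest hop that is not a trusted proxy rather than the first field of the header. The address-type data group DG-TRUSTED-PROXIES (the upstream proxies or CDN nodes allowed to append to the header) is an assumption; the paths and the two allow-list data groups are the ones named in the thread.

```tcl
# Added example (not the original poster's or JG's code). Assumed: an
# address-type data group named DG-TRUSTED-PROXIES holding the upstream
# proxies/CDN nodes that are allowed to append to X-Forwarded-For. The
# allow-list data groups and the paths are the ones from the thread.
when HTTP_REQUEST {

    # One switch maps the path to the data group that may reach it.
    # HTTP::path drops the query string and tolower makes the match
    # case-insensitive, so "/ExternalURI?x=1" is still covered.
    switch -glob -- [string tolower [HTTP::path]] {
        "/externaluri" { set allowed_dg "DG-XFF-EXTERNAL-ALLOWED-IP" }
        "/internaluri" { set allowed_dg "DG-XFF-INTERNAL-ALLOWED-IP" }
        default        { return }
    }

    # Build the hop chain: every X-Forwarded-For entry (all header
    # instances, joined), oldest first, then the TCP peer as the last hop.
    set hops [list]
    foreach hop [split [join [HTTP::header values "X-Forwarded-For"] ","] ","] {
        set hop [string trim $hop]
        if { $hop ne "" } {
            lappend hops $hop
        }
    }
    lappend hops [IP::client_addr]

    # Walk from the nearest hop outward. Only what a trusted proxy appended
    # can be believed; the first hop that is not a trusted proxy is the real
    # client, and everything to its left was supplied by that client.
    set check_ip ""
    for { set i [expr {[llength $hops] - 1}] } { $i >= 0 } { incr i -1 } {
        set hop [lindex $hops $i]
        # A value that is not an address cannot be a trusted proxy; treat it
        # as the client rather than letting the lookup error out.
        if { [catch { set trusted [class match $hop equals DG-TRUSTED-PROXIES] }] } {
            set trusted 0
        }
        if { ! $trusted } {
            set check_ip $hop
            break
        }
    }

    # Every hop was a trusted proxy: nothing to authorise against, so deny.
    if { $check_ip eq "" } {
        HTTP::respond 403 content "Forbidden"
        return
    }

    # Authorise the real client against the data group for this path.
    if { [catch { set allowed [class match $check_ip equals $allowed_dg] }] } {
        set allowed 0
    }
    if { ! $allowed } {
        log local0. "Denied $check_ip for [HTTP::path]; hop chain: [join $hops {, }]"
        HTTP::respond 403 content "Forbidden"
        return
    }
}
```

If the BIG-IP is itself the first hop and no upstream proxy sits in front of it, nothing in X-Forwarded-For should be trusted at all and [IP::client_addr] alone is the right value to check; the walk above collapses to exactly that when DG-TRUSTED-PROXIES is empty, since the TCP peer is then the first untrusted hop. Paths other than the two listed fall through the default branch and are not restricted by this rule, matching the requirement as stated. A 403 response is used instead of reject so the denial is visible to the client and in the BIG-IP log; switch back to reject if dropping the TCP connection is preferred.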