The iRule below was spawned from a request to block access to specific URIs on a website and only allow access from whitelisted IP networks and hosts.
In my first attempt I used concatenated OR statements, which worked but was less sexy and probably less efficient than the switch I ended up using.
As for the Data List in this example, it's named "AllowedIPDatalist." I created a network data list not because it was efficient (it's not), but because I wanted to give coworkers who didn't feel comfortable editing an iRule a place to enter networks and hosts in a format they were used to.

    when HTTP_REQUEST {
        # Case-insensitive glob match against the request URI (path and query string)
        switch -glob [string tolower [HTTP::uri]] {
            "*/uri/sample1*" -
            "*/uri/sample2*" -
            "*/uri/sample3*" {
                # Reject any client whose address is not in the AllowedIPDatalist data list
                if { !([matchclass [IP::client_addr] equals AllowedIPDatalist]) } {
                    reject
                    log local0. "Client IP Discard: [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
                }
            }
        }
    }
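
To check data list entries and URI patterns before they go live, the iRule's decision can be modelled offline. The Python below is an added example, not part of the original iRule or any F5 code: the data list contents and sample requests are constructed, and `fnmatchcase` stands in for Tcl's glob matching, which behaves the same for the `*`-only patterns used here.

```python
# Offline model of the iRule's allow/reject decision (added example, not F5 code).
import ipaddress
from fnmatch import fnmatchcase

# Glob patterns copied from the iRule's switch statement.
PROTECTED_PATTERNS = ["*/uri/sample1*", "*/uri/sample2*", "*/uri/sample3*"]

# Constructed sample contents for the AllowedIPDatalist data list:
# one network and one host, taken from private/documentation ranges.
ALLOWED_ENTRIES = ["10.20.0.0/16", "192.0.2.15"]


def load_allowed(entries):
    """Parse network and host entries; a bare host becomes a /32.
    strict=True raises ValueError on a network typed with host bits set."""
    return [ipaddress.ip_network(e, strict=True) for e in entries]


def is_protected(uri):
    """Mirror `switch -glob [string tolower [HTTP::uri]]`.
    HTTP::uri carries the query string, so the match covers it too."""
    lowered = uri.lower()
    return any(fnmatchcase(lowered, p) for p in PROTECTED_PATTERNS)


def decide(uri, client_ip, allowed):
    """Return 'reject' or 'allow' as the iRule would for this request."""
    if not is_protected(uri):
        return "allow"
    addr = ipaddress.ip_address(client_ip)
    if any(addr in net for net in allowed):
        return "allow"
    return "reject"


ALLOWED = load_allowed(ALLOWED_ENTRIES)

if __name__ == "__main__":
    # Constructed requests: (URI, client IP).
    samples = [
        ("/uri/Sample1/index.html", "203.0.113.9"),    # mixed case, outside list
        ("/uri/sample2", "10.20.33.4"),                # inside allowed network
        ("/uri/sample3?x=1", "192.0.2.15"),            # allowed host entry
        ("/public/index.html", "203.0.113.9"),         # unprotected URI
        ("/search?next=/uri/sample1", "203.0.113.9"),  # pattern in query string
    ]
    for uri, ip in samples:
        print(f"{ip:>14}  {uri:<28} -> {decide(uri, ip, ALLOWED)}")
```

The last sample shows that the wildcard patterns also fire when a protected path appears only in the query string of an otherwise public URI, so non-whitelisted clients are rejected there as well.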