WirelessPhreak.com

I like to travel, f*ck with technology, and partake in the occasional tropical drink.
I am also a co-host on The NBD Show podcast.
Follow Me

F5 iRule Access to Multiple URIs from IP Address Data Group



By   WirelessPhreak      Thursday, July 02, 2015      Labels: , ,  
The iRule below was spawn from a request to block access to specific URIs on a website and only allow access from whitelisted IP networks and hosts. 

In my first attempt I used concatenated OR statements which worked but was less sexy and probably less efficient then the switch I ended up using. 

As for the Data List in this example it's named "AllowedIPDatalist." I created a network data list not because it was efficient, its not, I wanted to make it easier for co workers that didn't feel comfortable editing an iRule a place to enter Networks and Hosts in a format they where used to.

when HTTP_REQUEST {
  switch -glob [string tolower [HTTP::uri]] {
    "*/uri/sample1*" -
    "*/uri/sample2*" -
    "*/uri/sample3*" {
      if { !([matchclass [IP::client_addr] equals AllowedIPDatalist])} {
         reject 
         log local0. "Client IP Discard: \ [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"
      }
    }  
  }
}

About WirelessPhreak

Just your everyday Packet Wrangler who enjoy's traveling and anything techie...


Join the EFF

Join the EFF
#privacy #digitalrights

Contact Me

Name

Email *

Message *