Prevent Access to specific path on F5 Load Balancer LTM

By | November 27, 2013

The following iRule will allow you to block access to multiple web directories when being accessed through your F5 LTM.  Not only can you block paths but this also includes built in logging if un-commented and another data group for IPs that you want to allow access to.  The data groups referenced below do need to be created first.  The lbtest-bad_paths group should have paths you’d like to block (i.e. /api, /admin) and the lbtest-trust_ips should contain IPs you’d like to permit through regardless of path restrictions.

# This rule can be used to reject all traffic except for a group of IPs. You must create a data group with the necessary subnets/IPs first.
when HTTP_REQUEST {
if { [matchclass [string tolower [HTTP::path]] equals lbtest-bad_paths] } {
#log local0. "bad path match:[HTTP::path]"
if { not [matchclass [IP::client_addr] equals lbtest-trusted_ips] } {
#log local0. "untrusted ip match:[IP::client_addr]"
HTTP::respond 404 -version 1.1 noserver
}
}
}