Whitelist certain traffic in an existing iRule
So the current iRule is this:

    when HTTP_REQUEST {
        # Reject TRACE requests for every site
        if { [HTTP::method] equals "TRACE" } {
            reject
        } elseif { [string tolower [HTTP::host]] equals "website.com" } {
            pool website.com443
        } elseif { [string tolower [HTTP::host]] equals "website2.com" } {
            pool website2.com443
        }
    }

So all traffic comes to a single IP and is separated to the different sites/pools. I need to whitelist traffic to one of the sites, only allowing RFC 1918 and some /24s from a /16. From researching I think it's something like this.

    when HTTP_REQUEST {
        if { [HTTP::method] equals "TRACE" } {
            reject
        } elseif { ([string tolower [HTTP::host]] equals "website.com") and [class match [IP::client_addr] equals ALLOWED] } {
            # website.com, client address is in the ALLOWED data group
            pool website.com443
        } elseif { ([string tolower [HTTP::host]] equals "website.com") and [class match [IP::client_addr] equals DENIED] } {
            # website.com, client address is in the DENIED data group
            reject
        } elseif { [string tolower [HTTP::host]] equals "website2.com" } {
            pool website2.com443
        }
    }

With the allowed IPs in the ALLOWED data group and denied IPs in DENIED.
Would this work?
Will it interfere with the other sites?
Thanks in advance
Realized after writing that I probably don't need the DENIED group, as anything else still going to that site in the rule order could just be rejected. Left it in case I do need it.
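
The default-deny form mentioned in the last paragraph, written out as an added example that is not part of the original post: only website.com is checked against the allow list, and the other site's branch is untouched. It assumes ALLOWED is an address-type data group; the sample ranges in the comments and the Host header normalisation (lower-casing and stripping a ":port" suffix) are additions for illustration.

```tcl
# Added example, not the poster's rule.
# Assumes an address-type data group named ALLOWED that holds the permitted
# source ranges, for example (constructed values):
#   10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16   RFC 1918
#   198.51.100.0/24                              placeholder for one permitted /24
when HTTP_REQUEST {
    # Block TRACE for every site, as in the original rule.
    if { [HTTP::method] equals "TRACE" } {
        reject
        return
    }

    # Normalise the Host header: drop any ":port" suffix and lower-case it,
    # so "WebSite.com:443" is handled the same as "website.com" and cannot
    # skip the source check by failing the string comparison.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    switch -- $host {
        "website.com" {
            # Default deny: only sources listed in ALLOWED reach this pool,
            # so no separate DENIED data group is needed.
            if { [class match [IP::client_addr] equals ALLOWED] } {
                pool website.com443
            } else {
                log local0. "website.com: rejected client [IP::client_addr]"
                reject
            }
        }
        "website2.com" {
            # No source check in this branch; this site behaves as before.
            pool website2.com443
        }
        default {
            # Any other Host value is left to the virtual server's default
            # handling, as in the original rule.
        }
    }
}
```

The address match is evaluated only inside the website.com branch, so requests for website2.com never consult ALLOWED.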