whitelist url

we would like to white list a virtual directory on our website:
 we only want 2 external ip's (clients) to use this services which is a virtual directory on our website (web service within our website)
 we obviously do not want to white list our website, only the protected url below
 url:
https://mydomin.com/service < this is our website
https://mydomin.com/service/PROTECTEDWEBSERVICE < this is the service (url) we want to whitelist

 we have a Cisco 5500 asa firewall and would like to  white list here if possible
 we also have a F5 load balancer (ALF) if not possible on asa would like to white list here

 is this possible and if so what Is the best approach
keep in mind that its HTTPS
porto111Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
For CISCO, it is more of static URL policy inspection. You can using ADSM go into Configuration > Global Objects > Inspect Maps > HTTP in order to create a http_inspection_policy to set the action for the matched traffic. The match traffic can be specific to the domain and its subfolder. The example show blockURL but you can add in explicitly to allow instead of drop the traffic. For others to be blocked. Pls see http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/100513-ASARegexp.html#asa5

For F5, it has iRules to achieve that
when HTTP_REQUEST {
  set response_data "Unauthorized request"
  if { not [matchclass [HTTP::path] equals $::Dev_URL_List]} {
    HTTP::respond 200 content $response_data
  }
}
(url whitelist, go for latest ver build) https://devcentral.f5.com/questions/filtering-a-list-of-urls
(Packet filter client whitelist)
You implement packet filtering by creating packet filter rules. The primary purpose of a packet filter rule is to define the criteria that you want the BIG-IP system to use when filtering packets. Examples of criteria that you can specify in a packet filter rule are:

The source IP address of a packet
The destination IP address of a packet
The destination port of a packet
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-datacenter-firewall-config-11-2-0/5.html

Otherwise Cisco can work with Websense or Smartfilter
http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/97277-pix-asa-url-filtering.html#prereq

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Hardware Firewalls

From novice to tech pro — start learning today.