Forum Discussion
Mike_Graston_10
Nimbostratus
Nimbostratusallow specified IP addresses
All,
I have wrote this after looking through the code share and it doesn't seem too efficent. I would have like to create a class where as I could edit the class to allow either IP or networks access to the specific virtual server. I don't get the whole class thing. I have put toghther this rule to allow certain IPs and networks access to the app but would appreciate a sanity check to make sure I am going down the right path here.
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
pool pool-my-pool
}
elseif { [IP::addr [IP::client_addr] equals 11.10.10.10] } {
pool pool-my-pool
}
elseif { [IP::addr [IP::client_addr] equals 12.10.10.10] } {
pool pool-my-pool
}
elseif { [IP::addr [IP::client_addr] equals 13.10.10.0/24] } {
pool pool-my-pool
}
drop
}
Mike_Graston_10After looking at it I would like tobe able to use a data group to allow access where as I specify the ip/networks but can not figure out how my Irule will look.
I have this as an example:
when CLIENT_ACCEPTED {
if { [matchclass [IP::client_addr] equals $::permitted-IPs] } {
pool pool-my-pool
}
drop
}
So my data group "permitted-IPs" would include the network or host IP I want to allow.i would like to send a 404 back instead of dropping the seesion but that becomes more complicated.
Mike