Forum Discussion
Nimbostratusallowing a list of IP addresses access to a pool
I'm trying to find a way to pass the request through an address-list or ACL before sending to the pool. I want to allow only certain IP addresses to connect to this pool. Any ideas?
when HTTP_REQUEST {
switch [string tolower [HTTP::host]] {
"host.xyz.com" {
pool pool-xyz
}
}
}
You need to use IP::client_addr to match client's IP address against ACL list using "match" command
https://clouddocs.f5.com/api/irules/IP__client_addr.html
https://clouddocs.f5.com/api/irules/class.html
https://devcentral.f5.com/s/articles/the101-irules-101-datagroups-amp-tables
Example
https://devcentral.f5.com/s/question/0D51T00006i7X0s/irule-match-a-client-ip-to-a-subnet-in-a-datagroup
Bill_S_Thanks Surgeon! I had the IP:client_addr part, but couldn't figure how to reference a list. The link that referenced classes and datagroups did the trick.
neeeewbieMVP
I think you would rather using 'data group'
so, you have to make 'data group' and input specific IP address for access the pool !
- neeeewbie
like below rule
when HTTP_REQUEST {
switch [string tolower [HTTP::host]] && [class match [IP::client_addr] equals "accessip"] {
"host.xyz.com" {
pool pool-xyz
}
}
}
