Forum Discussion
NimbostratusAPM IP source filter
I have an F5 doing load balancing and SSL offloading for Citrix XenDesktop users. With this I'm using the visual policy editor to preset an F5 login page for RSA Auth. All of this works fine. What I'm trying to implement is an IP source filter that will bypass the login/RSA auth page when coming from a particualar IP or subnet. I've tried to create some irule commands in the branch section - expr { [IP::client_addr [mcget {session.user.clientip}] equals "x.x.x.x/32"] } - and have this when matched use the branch and not the fallback which would be the login page. However I'm having trouble even getting the match to happen. I've tried to break it down to simple logic like 1 == 1 just to use the branch path but to no avail. I think I'm not looking at these rules correctly. Just trying to match an ip and use the branch path as compared to the fallback path. Any help would be appreciated.
Thanks
1 Reply
- Kevin_Stewart
Employee
Try an iRule in the ACCESS_SESSION_STARTED event:
when ACCESS_SESSION_STARTED { if { [IP::addr [ACCESS::session data get session.user.clientip] equals 10.80.0.0/24] } { ACCESS::session data set session.user.insubnet 1 } }Then in you empty VPE agent:
expr { [mcget {session.user.insubnet}] == 1 }
