Forum Discussion
SergeyAU
Mar 13, 2024 Altostratus
While reading various info, I am thinking that I don't need to do anything in the APM to only check for client IP once.
Can use an ACCESS_SESSION_STARTED iRule instead of the LTM policy CLIENT_ACCEPTED check.
Strange that there is no policy to work with APM...
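when ACCESS_SESSION_STARTED {
    # Client IP that APM recorded for this session
    set user_subnet [ACCESS::session data get "session.user.clientip"]
    # Compare as an address against the /24; a bitwise & on a
    # dotted-quad string is not a valid Tcl expression
    if { !([IP::addr $user_subnet equals 192.168.255.0/24]) } {
        log local0.notice "Unauthorized subnet"
        ACCESS::session remove
    }
}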
OR
when ACCESS_SESSION_STARTED {
    # <datagroup_name> is a placeholder for an address-type data group of restricted clients
    if { [class match [IP::client_addr] eq <datagroup_name>] } {
        log local0. "Dropped connection: client IP [IP::client_addr] is restricted."
        ACCESS::session remove
        drop
    }
}