Forum Discussion
APM session policy based on IP address datagroup?
While reading various info, I am thinking that I don't need to do anything in the APM to only check for the client IP once.
Can use ACCESS_SESSION_STARTED iRule instead of the LTM policy CLIENT_ACCEPTED check.
Strange that there is no policy to work with APM...
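when ACCESS_SESSION_STARTED {
    # Client IP that APM recorded for this session
    set user_subnet [ACCESS::session data get "session.user.clientip"]
    # Compare with IP::addr; a bitwise & on a dotted-quad string is not valid Tcl arithmetic
    if { ![IP::addr $user_subnet equals 192.168.255.0/24] } {
        log local0.notice "Unauthorized subnet"
        ACCESS::session remove
    }
}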
OR
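when ACCESS_SESSION_STARTED {
    # True when the client IP falls inside an entry of the address data group
    if { [class match [IP::client_addr] equals <datagroup_name>] } {
        log local0. "Dropped connection: client IP [IP::client_addr] is restricted."
        # Remove the APM session, then drop the current connection
        ACCESS::session remove
        drop
    }
}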