Forum Discussion
neeeewbie
Dec 05, 2019MVP
Block destination IP by source IP
Hi guys
I need your help!!
we want to bypass some destination IP by source IP [our site using ssl fwd proxy]
and is it possible ?
someone have a iRule??
thank you
Hi,
Can you try this?
when HTTP_REQUEST_SEND { # log local0. "Client IP = [IP::client_addr]" # log local0. "Server IP = [IP::server_addr]" switch -glob [IP::client_addr] { "1.2.3.4" - "10.12.*" { switch -glob [IP::server_addr] { "10.11.12.13" - "172.16.1.10" - "192.168.5.*" { reject } } } "172.16.11*" { switch -glob [IP::server_addr] { "10.100.*" - "192.168.100.*" { reject } } } "5.6.7.8" { reject } } }
Hi,
Can you try this?
when HTTP_REQUEST_SEND { # log local0. "Client IP = [IP::client_addr]" # log local0. "Server IP = [IP::server_addr]" switch -glob [IP::client_addr] { "1.2.3.4" - "10.12.*" { switch -glob [IP::server_addr] { "10.11.12.13" - "172.16.1.10" - "192.168.5.*" { reject } } } "172.16.11*" { switch -glob [IP::server_addr] { "10.100.*" - "192.168.100.*" { reject } } } "5.6.7.8" { reject } } }
thank you!!!
what is mean ""1.2.3.4" -" ??
mean of "-" is "or".
switch -glob [IP::client_addr] { "1.2.3.4" - "10.12.*" { ... } }
The above code works like the following code.
if { [IP::client_addr] equals "1.2.3.4" or [IP::client_addr] starts_with "10.12." } { ... }
oh,, Thank you !!!
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects