
neeeewbie
Dec 05, 2019
Solved

Block destination IP by source IP

Hi guys,

I need your help!!

We want to bypass some destination IPs by source IP [our site is using SSL fwd proxy].

Is it possible?

Does someone have an iRule??

Thank you

4 Replies

  • Hi,

    Can you try this?

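    when HTTP_REQUEST_SEND {
        # Uncomment to log the addresses being compared
        # log local0. "Client IP = [IP::client_addr]"
        # log local0. "Server IP = [IP::server_addr]"

        # Outer switch: match the source (client) address as a glob pattern
        switch -glob [IP::client_addr] {
            "1.2.3.4" -
            "10.12.*" {
                # Inner switch: reject if the destination matches one of these
                switch -glob [IP::server_addr] {
                    "10.11.12.13" -
                    "172.16.1.10" -
                    "192.168.5.*" { reject }
                }
            }

            "172.16.11*" {
                switch -glob [IP::server_addr] {
                    "10.100.*" -
                    "192.168.100.*" { reject }
                }
            }

            # This source is rejected for every destination
            "5.6.7.8" { reject }
        }
    }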
    • The meaning of "-" is "or".

      switch -glob [IP::client_addr] {
      	"1.2.3.4" -
      	"10.12.*" { ... }
      }

      The above code works like the following code.

      if { [IP::client_addr] equals "1.2.3.4" or [IP::client_addr] starts_with "10.12." } { ... }
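
The same policy expressed with `IP::addr` subnet comparisons instead of string globs, as an added example that is not part of the original thread. `switch -glob` compares the address as text, so a pattern such as "172.16.11*" also matches 172.16.110.x through 172.16.119.x; this example assumes 172.16.11.0/24 was intended and that the other patterns correspond to the /16 and /24 networks shown.

```tcl
when HTTP_REQUEST_SEND {
    set client [IP::client_addr]
    set server [IP::server_addr]

    # Source 5.6.7.8 is rejected for every destination
    if { [IP::addr $client equals 5.6.7.8] } {
        reject
        return
    }

    # Sources 1.2.3.4 and 10.12.0.0/16 (was "1.2.3.4" - "10.12.*")
    if { [IP::addr $client equals 1.2.3.4] ||
         [IP::addr $client equals 10.12.0.0/16] } {
        # Destinations 10.11.12.13, 172.16.1.10 and 192.168.5.0/24
        if { [IP::addr $server equals 10.11.12.13] ||
             [IP::addr $server equals 172.16.1.10] ||
             [IP::addr $server equals 192.168.5.0/24] } {
            reject
        }
        return
    }

    # Assumption: "172.16.11*" was meant as the subnet 172.16.11.0/24.
    # The numeric comparison no longer matches 172.16.110.x - 172.16.119.x.
    if { [IP::addr $client equals 172.16.11.0/24] } {
        # Destinations 10.100.0.0/16 and 192.168.100.0/24
        if { [IP::addr $server equals 10.100.0.0/16] ||
             [IP::addr $server equals 192.168.100.0/24] } {
            reject
        }
    }
}
```

Uncommenting a `log local0.` line like those in the original answer, placed just before each `reject`, gives an audit trail of which source and destination pair was blocked.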