Forum Discussion
neeeewbie
MVP
MVPBlock destination IP by source IP
Hi guys
I need your help!!
we want to bypass some destination IP by source IP [our site using ssl fwd proxy]
and is it possible ?
someone have a iRule??
thank you
Hi,
Can you try this?
when HTTP_REQUEST_SEND { # log local0. "Client IP = [IP::client_addr]" # log local0. "Server IP = [IP::server_addr]" switch -glob [IP::client_addr] { "1.2.3.4" - "10.12.*" { switch -glob [IP::server_addr] { "10.11.12.13" - "172.16.1.10" - "192.168.5.*" { reject } } } "172.16.11*" { switch -glob [IP::server_addr] { "10.100.*" - "192.168.100.*" { reject } } } "5.6.7.8" { reject } } }
Hi,
Can you try this?
when HTTP_REQUEST_SEND { # log local0. "Client IP = [IP::client_addr]" # log local0. "Server IP = [IP::server_addr]" switch -glob [IP::client_addr] { "1.2.3.4" - "10.12.*" { switch -glob [IP::server_addr] { "10.11.12.13" - "172.16.1.10" - "192.168.5.*" { reject } } } "172.16.11*" { switch -glob [IP::server_addr] { "10.100.*" - "192.168.100.*" { reject } } } "5.6.7.8" { reject } } }
neeeewbiethank you!!!
what is mean ""1.2.3.4" -" ??
mean of "-" is "or".
switch -glob [IP::client_addr] { "1.2.3.4" - "10.12.*" { ... } }The above code works like the following code.
if { [IP::client_addr] equals "1.2.3.4" or [IP::client_addr] starts_with "10.12." } { ... }- neeeewbie
oh,, Thank you !!!