Forum Discussion

neeeewbie's avatar
Dec 05, 2019

Block destination IP by source IP

Hi guys

I need your help!!

 

we want to bypass some destination IP by source IP [our site using ssl fwd proxy]

and is it possible ?

 

someone have a iRule??

 

thank you

  • Hi,

    Can you try this?

    when HTTP_REQUEST_SEND {
        # log local0. "Client IP = [IP::client_addr]"
        # log local0. "Server IP = [IP::server_addr]"
    	switch -glob [IP::client_addr] {
    		"1.2.3.4" -
    		"10.12.*" {
    			switch -glob [IP::server_addr] {
    				"10.11.12.13" -
    				"172.16.1.10" -
    				"192.168.5.*" { reject }
    			}
    		}
    		
    		"172.16.11*" {
    			switch -glob [IP::server_addr] {
    				"10.100.*" -
    				"192.168.100.*" { reject }
    			}
    		}
    		
    		"5.6.7.8" { reject }
    	}
    }
  • Hi,

    Can you try this?

    when HTTP_REQUEST_SEND {
        # log local0. "Client IP = [IP::client_addr]"
        # log local0. "Server IP = [IP::server_addr]"
    	switch -glob [IP::client_addr] {
    		"1.2.3.4" -
    		"10.12.*" {
    			switch -glob [IP::server_addr] {
    				"10.11.12.13" -
    				"172.16.1.10" -
    				"192.168.5.*" { reject }
    			}
    		}
    		
    		"172.16.11*" {
    			switch -glob [IP::server_addr] {
    				"10.100.*" -
    				"192.168.100.*" { reject }
    			}
    		}
    		
    		"5.6.7.8" { reject }
    	}
    }
    • mean of "-" is "or".

      switch -glob [IP::client_addr] {
      	"1.2.3.4" -
      	"10.12.*" { ... }
      }

      The above code works like the following code.

      if { [IP::client_addr]  equals "1.2.3.4" or [IP::client_addr]  starts_with "10.12." } { ... }