Forum Discussion

MVP

Dec 05, 2019

Solved

Block destination IP by source IP

Hi guys I need your help!! we want to bypass some destination IP by source IP [our site using ssl fwd proxy] and is it possible ? someone have a iRule?? thank you

application delivery

BIG-IP

Enes_Afsin_Al

Dec 05, 2019

Hi,

Can you try this?

when HTTP_REQUEST_SEND {
    # log local0. "Client IP = [IP::client_addr]"
    # log local0. "Server IP = [IP::server_addr]"
	switch -glob [IP::client_addr] {
		"1.2.3.4" -
		"10.12.*" {
			switch -glob [IP::server_addr] {
				"10.11.12.13" -
				"172.16.1.10" -
				"192.168.5.*" { reject }
			}
		}
		
		"172.16.11*" {
			switch -glob [IP::server_addr] {
				"10.100.*" -
				"192.168.100.*" { reject }
			}
		}
		
		"5.6.7.8" { reject }
	}
}

Enes_Afsin_Al

MVP

Dec 05, 2019

Hi,

Can you try this?

when HTTP_REQUEST_SEND {
    # log local0. "Client IP = [IP::client_addr]"
    # log local0. "Server IP = [IP::server_addr]"
	switch -glob [IP::client_addr] {
		"1.2.3.4" -
		"10.12.*" {
			switch -glob [IP::server_addr] {
				"10.11.12.13" -
				"172.16.1.10" -
				"192.168.5.*" { reject }
			}
		}
		
		"172.16.11*" {
			switch -glob [IP::server_addr] {
				"10.100.*" -
				"192.168.100.*" { reject }
			}
		}
		
		"5.6.7.8" { reject }
	}
}

Forum Discussion

Block destination IP by source IP

Recent Discussions

iRule resulting in too many redirects

When F5OS r2800 appliance reboots, interfaces configured at tenant level for VLAN are lost

cat and grep command for rst messages

iControl for Gtm wideip

Telemetry streaming to Elasticsearch

Related Content

Destination address at F5

Block traffic

ASM/WAF rate limit and block clients by source ip (or device_id fingerprint) if there are too many violations

Block IP after a number of ASM Blocks

domain blocking