Forum Discussion

neeeewbie's avatar
Dec 05, 2019

Block destination IP by source IP

Hi guys I need your help!!   we want to bypass some destination IP by source IP [our site using ssl fwd proxy] and is it possible ?   someone have a iRule??   thank you
  • Enes_Afsin_Al's avatar
    Dec 05, 2019

    Hi,

    Can you try this?

    when HTTP_REQUEST_SEND {
        # log local0. "Client IP = [IP::client_addr]"
        # log local0. "Server IP = [IP::server_addr]"
    	switch -glob [IP::client_addr] {
    		"1.2.3.4" -
    		"10.12.*" {
    			switch -glob [IP::server_addr] {
    				"10.11.12.13" -
    				"172.16.1.10" -
    				"192.168.5.*" { reject }
    			}
    		}
    		
    		"172.16.11*" {
    			switch -glob [IP::server_addr] {
    				"10.100.*" -
    				"192.168.100.*" { reject }
    			}
    		}
    		
    		"5.6.7.8" { reject }
    	}
    }