For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

cbarnett_13782's avatar
cbarnett_13782
Icon for Nimbostratus rankNimbostratus
Feb 16, 2009

Block ssl requests by ip

We need to test out a website befor we roll it out to production. So to test we want to only allow certian IP addresses accessing a virtual server. I have this working nicely for the HTTP virtual serv...
application delivery
dev
devops
iRules
cbarnett_13782's avatar
cbarnett_13782
Icon for Nimbostratus rankNimbostratus
Feb 16, 2009
I have three pools, one for 80, one for 443, and one for 8080. The only one that works with the SSL VIP is the 443 pool.

 

 

Without the rule

 

 

[root@F51:Active] log b virtual WWWSSH list

 

virtual WWWSSH {

 

destination ipaddress:https

 

ip protocol tcp

 

pool WEBPOOLSSH

 

vlans external enable

 

}

 

[root@F51:Active] log b pool WEBPOOLSSH list

 

pool WEBPOOLSSH {

 

monitor all https

 

member 10.100.74.15:https

 

member 10.100.74.16:https

 

}

 

 

With the irule

 

 

[root@F51:Active] log b virtual WWWSSH list

 

virtual WWWSSH {

 

destination ipaddress:https

 

ip protocol tcp

 

pool WEBPOOLSSH

 

rule Block_all_but_us_NEW

 

vlans external enable

 

}

 

[root@F51:Active] log b pool WEBPOOLSSH list

 

pool WEBPOOLSSH {

 

monitor all https

 

member 10.100.74.15:https

 

member 10.100.74.16:https

 

}