Dazzla_20011
Aug 15, 2011

Block users from connecting to a virtual server using ip address

Hi,

What’s the easiest method to block users from connecting to a virtual server using an IP address? We only want to allow connections which match the URL.

Thanks

Darren

  • Hi Darren,

    You can create a simple iRule such as the following example:

    The following example blocks any users not entering the correct URL

    when HTTP_REQUEST {
      set host [string tolower [HTTP::host]]
      set uri [string tolower [HTTP::uri]]
      if { !(($host eq "www.yourdomain.com") and ($uri starts_with "/url")) } {
        reject
      }
    }

    Another example is blocking based on a specific client's IP address

    when CLIENT_ACCEPTED {
      if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
        reject
      }
    }

    or blocking all addresses except a single address

    when CLIENT_ACCEPTED {
      if { !([IP::addr [IP::client_addr] equals 10.10.10.10]) } {
        reject
      }
    }

    You can get more sophisticated by using the class function when you need to block multiple client IP addresses in different ranges

    http://devcentral.f5.com/wiki/iRules.class.ashx

    I hope this helps

    Bhattman

  • You can go more generically with a scan command:

    
    when HTTP_REQUEST {
      if { [scan [HTTP::host] {%d.%d.%d.%d} 0 0 0 0] == 4 } {
        HTTP::respond 200 content "Please use the hostname!"
      }
    }
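
The replies above either match one hostname or detect a dotted IPv4 Host value. The iRule below is an added example, not code from any poster in this thread: it allowlists hostnames instead, so IPv4 literals, bracketed IPv6 literals, empty Host headers and unknown names are all refused. The data group name `allowed_hosts_dg` is an assumption; it stands for a string data group holding the lower-case hostnames the virtual server should answer for.

```tcl
# Added example, not code from the thread.
# Assumption: a string data group named allowed_hosts_dg exists on the BIG-IP
# and lists the lower-case hostnames this virtual server should serve.
when HTTP_REQUEST {
    # The Host header may carry a port ("www.yourdomain.com:8080")
    # or be missing altogether (HTTP/1.0 clients).
    set host [string tolower [HTTP::host]]

    # A bracketed value such as "[2001:db8::1]:443" is an IPv6 literal,
    # which can never be one of the permitted names.
    if { $host starts_with "\[" } {
        reject
        return
    }

    # Drop an optional ":port" suffix before comparing.
    set name [getfield $host ":" 1]

    # Only names present in the data group pass. IPv4 literals, empty
    # Host headers and unknown names all end up rejected here.
    if { $name eq "" || ![class match $name equals allowed_hosts_dg] } {
        reject
        return
    }
}
```

Because the check is an allowlist, a new site name only needs to be added to the data group; the iRule itself does not change.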