Forum Discussion

Dazzla_20011's avatar
Dazzla_20011
Icon for Nimbostratus rankNimbostratus
Aug 15, 2011

Block users from connecting to a virtual server using ip address

Hi,     What’s the easiest method to block users from connecting to a virtual server using an ip address. We only want to allow connections which match the url.     Thanks   Darren
config
design
The_Bhattman's avatar
The_Bhattman
Icon for Nimbostratus rankNimbostratus
Aug 15, 2011

Hi Darren,

You can create a simple irule such as the following example:

The following example blocks any users not entering the correct URL

when HTTP_REQUEST {

set host [string tolower [HTTP::host]]

set uri [ string tolower [HTTP::uri]]

if { !(($host eq "www.yourdomain.com") and ($uri starts_with "/url" )) } {

reject

}

}

Another example is blocking based on an specific clients IP address

when CLIENT_ACCEPTED {

if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {

reject

}

}

or blocking all addresses except a single address

when CLIENT_ACCEPTED {

if {! ([IP::addr [IP::client_addr] equals 10.10.10.10]) } {

reject

}

}

You can get more sophisticated by using the class function when you need to block multiple client ip addresses in different ranges

http://devcentral.f5.com/wiki/iRules.class.ashx

I hope this helps

Bhattman