Forum Discussion
Blocking Traffic based on Geo Location
iRule looks fine with few modifcations to uri and closing braces. Also, please check with the requestor if it should be explicit URL "/job-request/" or wildcard (i.e anything after) "/job-request*".
If it's a wildcard, replace "eq" with "starts_with"
when HTTP_REQUEST {
if { ([string tolower [HTTP::uri]] eq "/job-request") and ([whereis [IP::client_addr] country] ne "TH") } {
drop
} else {
return
}
}
Thanks Sanjay for replying.
/"/job-request" is specific path which needs to be restricted. So could you please advise if eq is suffice the needs or shall this change to starts_with ?
- spalandeJul 15, 2021Nacreous
yes. eq would be okay.
- JaspreetgurmJul 16, 2021Altocumulus
I am allowing traffic only TH country, so I believe the action should be allow and else should be drop like below
{
allow
} else { drop
}
}
- spalandeJul 16, 2021Nacreous
Since your iRule has use "ne" (not equal) operator for checking the Country, it's dropping on first condition. You can modify the operator to check just for TH country using "eq" operator to drop on else condition. Both should be fine.
- JaspreetgurmJul 16, 2021Altocumulus
when HTTP_REQUEST {
if { ([string tolower [HTTP::uri]] eq "/job-request") and ([whereis [IP::client_addr] country] ne "TH") } {
drop
} else {
return
log local0. "[IP::remote_addr]"
}
}
is this fine ?
- spalandeJul 16, 2021Nacreous
yes. you can test it using vpn to select another Country. Also, I would disable logging unless needed for troubleshooting.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com