Forum Discussion

sandiksk_35282
Mar 06, 2018
Solved

F5 Whitelisting/ Allowing a specific range of traffic to VS

We have a requirement to allow only a specific subnet range and IPs to access the virtual server; it would be great if you could help me on this. The VS on F5 is configured to listen only on port 443.
  • Hannes_Rapp_162
    Mar 06, 2018

    Create an IP type LTM data-group. Define allowed IP/subnet values, and add optional descriptions. You can find the data-group creation page at Local Traffic - iRules - Data-group List. Example of an IP type data-group in CLI/TEXT format:

    ltm data-group internal datagroup_allowed_ip {
      records {
        100.20.20.0/32 { }
        199.20.20.128/25 { }
      }
      type ip
    }
    

    Create an iRule that checks for matches against entries in datagroup_allowed_ip:

    when CLIENT_ACCEPTED {
      # "class match" with an IP-type data-group matches when the client address
      # is the listed host or falls inside a listed subnet
      if { [class match [IP::client_addr] eq "datagroup_allowed_ip"] } {
        # Traffic is allowed. Client IP match found in datagroup_allowed_ip
        return
      } else {
        # Traffic is dropped. Client IP match not found in datagroup_allowed_ip
        drop
      }
    }
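
An offline way to check what the data-group and iRule above would allow before deploying them, as an added example (Python, written for this thread; not from the answer or from F5): it takes the two records from the answer as constructed input, mirrors the containment test that `class match ... eq` performs on an IP-type data-group, and renders the tmsh block in the format shown. Function and constant names are mine.

```python
# Added example (not from the DevCentral thread): offline check of which client
# IPs an IP-type data-group would match, mirroring the "class match ... eq" test
# in the iRule above, plus a renderer for the tmsh data-group block.
import ipaddress

# Constructed copy of the two records in the answer's data-group.
DATAGROUP_ALLOWED_IP = ["100.20.20.0/32", "199.20.20.128/25"]


def parse_datagroup(records):
    """Parse data-group records into network objects.
    A bare address becomes a single host (/32 or /128). strict=True is deliberate:
    a record with host bits set (e.g. 199.20.20.130/25) is almost always a typo,
    so it raises ValueError here instead of silently widening the allow list."""
    return [ipaddress.ip_network(rec) for rec in records]


def matching_record(client_ip, records):
    """Return the record that contains client_ip (the entry 'class match' would hit),
    or None. If several entries contain the address, the most specific one wins."""
    addr = ipaddress.ip_address(client_ip)
    best = None
    for rec, net in zip(records, parse_datagroup(records)):
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[1].prefixlen:
                best = (rec, net)
    return best[0] if best else None


def client_accepted(client_ip, records=DATAGROUP_ALLOWED_IP):
    """Mirror the iRule decision: 'allow' on a data-group hit, 'drop' otherwise."""
    return "allow" if matching_record(client_ip, records) else "drop"


def render_datagroup(name, records):
    """Emit the 'ltm data-group internal' block in the CLI/TEXT format from the answer."""
    lines = [f"ltm data-group internal {name} {{", "  records {"]
    lines += [f"    {rec} {{ }}" for rec in records]
    lines += ["  }", "  type ip", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_datagroup("datagroup_allowed_ip", DATAGROUP_ALLOWED_IP))
    for ip in ("100.20.20.0", "100.20.20.5", "199.20.20.127", "199.20.20.200"):
        print(ip, "->", client_accepted(ip), matching_record(ip, DATAGROUP_ALLOWED_IP))
```

Note that the first record as written covers only the single address 100.20.20.0; if the intent was the whole network, the entry should be 100.20.20.0/24.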