Forum Discussion
ukhan20
Altocumulus
AltocumulusGeo-fencing for block and allow one country
how to do Geo-fencing in F5 Advanced Firewall Manager (AFM) to allow access from only one country, such as USA , and block all other countries ?
JesseRNimbostratus
It is not AFM but one work around is to make an Irule that would drop all outside connections. Something like:
when HTTP_REQUEST {
if { [whereis [IP::client_addr] country] != "US" } {
drop
}
}
This would drop all not united states based IPs.
- ukhan20
i am facing problem how to block all and all only one country
f51Cirrocumulus
Please follow the steps outlined in the article below.
https://clouddocs.f5.com/training/community/firewall/html/class1/module1/lab4.html#create-the-geo-restrict-firewall-rule-list-and-firewall-policy- ukhan20
i have not found Not in united stated
- f51
Hello Khan,
Please follow below steps to configure geo-fencing in F5 AFM to allow access only from the USA and block all other countries:- Log in to the F5 Configuration Utility.
- Navigate to Security > Network Firewall > Policy List.
- Create a New Firewall Policy.
- Define Rules for the Policy:
- Create an Accept rule for Source: Geolocation and select United States.
- Create a Reject/Drop rule for Source: Geolocation and select Not in United States.
- Save and Apply the Policy to the relevant virtual servers.