For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

marv_Williams_5's avatar
marv_Williams_5
Icon for Nimbostratus rankNimbostratus
Apr 14, 2015

Geo Location I-Rule to Block Continents but allow certain IP addresses then redirect

I have a simple I-Rule that blocks Continents but I need to revise this to block continents I choose, but allow certain IP addresses from a Continent that is blocked. The Continents that are blocked will be redirected to a website. Any help will be appreciated. Here is my current rule blocking traffic from Europe

 

when CLIENT_ACCEPTED { Get the continent client IP if { [whereis [IP::client_addr] continent] eq "EU"} { log local0. "Traffic from Europe rejected." reject

 

} }

 

application delivery
devops
iRules
LTM

5 Replies

  • Richard__Harlan's avatar
    Richard__Harlan
    Historic F5 Account
    Apr 14, 2015

    You can add a Datagroup with IPs that are allowed.

    when CLIENT_ACCEPTED {
    if { ([whereis [IP::client_addr] continent] eq "EU") && not ( [class match [IP::client_addr] equals whitelist ) {
    reject
    }

    Have not tested just the idea should work.

  • Richard__Harlan's avatar
    Richard__Harlan
    Historic F5 Account
    Apr 14, 2015

    Sorry I missed a few close brackets this on syntax checked on a LTM and loaded without a problem

    when CLIENT_ACCEPTED { 
if { ( [whereis [IP::client_addr] continent] eq "EU") && not ( [class match [IP::client_addr] equals whitelist] ) } { 
    reject 
    }

    }

  • IRONMAN's avatar
    IRONMAN
    Icon for Cirrostratus rankCirrostratus
    Oct 13, 2016

    Hi,

     

    Can i use this irule for my LTM to block source base continents wise block list, also how to LTM know the continents IP's .Let me know that step also.