Forum Discussion

Altostratus

Mar 17, 2023

Help with iRule - Access Control Based on IP

I am trying to use Access Control Based on IP irule to restrict access to a virtual server. However when i apply the iRule the connection gets rejected and i see this in the logs (this is all in ...

Admin

Mar 21, 2023

Hi Jose_Cruz,

matchclass was deprecated in v10, and that iRule should look like instead:

when CLIENT_ACCEPTED priority 500 {
    if { [class match -- [IP::client_addr] equals trustedAddresses] } {
        #Uncomment the line below to turn on logging.
        log local0. "Valid client IP: [IP::client_addr] - forwarding traffic"
        forward
    } else {
        #Uncomment the line below to turn on logging.
        log local0. "Invalid client IP: [IP::client_addr] - discarding"
        discard
    }
}

Your data-group has the same value as the key, is this intended? Not sure what use that is, if you are not using values, you do not need to set them.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Help with iRule - Access Control Based on IP

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Granular Access control policies

traffic from APM to Domain Controller

No more http Portal Access

owa iapp assign irule

APM access policy in non Comon partition - not working

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS