Forum Discussion

Shawn_Salyers_8's avatar
Shawn_Salyers_8
Icon for Nimbostratus rankNimbostratus
Apr 15, 2010

Http Https Single Virtual Server Question

I have configured the Http Https Single Virtual Server iRule found at http://devcentral.f5.com/wiki/default.aspx/iRules/HttpHttpsSingleVirtualServer.html and it works awesome. My question is, what (a...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Apr 15, 2010
Hi Shawn,

At the start of the CLIENT_ACCEPTED event, you can add a check of the client IP against a datagroup of allowed clients: 


when CLIENT_ACCEPTED {

    Save the VIP name, client IP:port as a log prefix to make the log lines shorter
   set log_prefix "[IP::client_addr]:[TCP::client_port]"

    Check if client IP is not in the allowed clients class
   if {not [matchclass [IP::client_addr] equals $::allowed_clients_class]}{

      if {$::single_vs_debug}{log local0. "$log_prefix: Rejecting connection from disallowed client IP"}

       Send a TCP reset
      reject

       Disable further iRule processing
      event disable all
   }

Aaron