swapnil_89332
Sep 22, 2013

I want to know if I can block service calls from Internet to a VIP using iRules

Need help! I have a request from our customer: they would like an iRule created for an F5 VIP to block service calls from the public internet. Any ideas?

 

2 Replies

  • This depends entirely on how you want to block the calls. As a layer 4-7 proxy you can use any of the following as conditions (and in various combinations):

     

    • source address/port
    • destination address/port
    • cipher strength (client/server)
    • request context (request, header, cookie, payload, method, etc.)
    • response context (response, header, cookie, payload, status, etc.)

    Can you be more specific about what the service calls are, how they're different than other traffic, and the conditions that define them?

     

  • That provides a little more information, but your requirement still depends on some unknown factors, the most important being how you differentiate a service call from a normal and acceptable request. If you knew service calls were coming from specific IP addresses or networks, you could use source address logic or packet filter rules. If you knew that service calls contained a specific request object (URI or cookie for example), you could use HTTP logic. Without knowing more about the service call and how it differs from a regular request, it's difficult to say how to block it.
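
As an added illustration (not part of the original thread or either reply), the iRule below combines the two conditions the replies mention, source address and request URI. The data group name `internal_nets_dg` and the `/services/` path prefix are hypothetical placeholders; substitute whatever actually identifies a service call and a trusted source in your environment.

```tcl
# Added example; not code from the thread.
# Assumptions (hypothetical names):
#   internal_nets_dg - address-type data group holding the trusted source networks
#   /services/       - URI prefix that identifies a "service call"
when HTTP_REQUEST {
    # Lower-case the path so a case variation does not slip past the prefix check
    set path [string tolower [HTTP::path]]

    if { $path starts_with "/services/" } {
        # Service call: permit it only when the client address is in the trusted data group
        if { not [class match [IP::client_addr] equals internal_nets_dg] } {
            log local0.notice "Blocked service call from [IP::client_addr] to [HTTP::host][HTTP::uri]"
            HTTP::respond 403 content "Forbidden" "Connection" "close"
            return
        }
    }
    # All other requests fall through to the virtual server's default pool
}
```

`IP::client_addr` is the address of the TCP peer, so if a CDN, proxy or SNAT device sits in front of the VIP, every request will appear to come from that device and the data group has to be built with that in mind.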