IP address filter on Virtual RDP server
I am running LTM/ASM version 11.5.4. Recently an RDP virtual server was set up. The intention is to limit the IP addresses: only a few IP addresses are allowed access to this VS. The ASM module seems to support only policies for HTTP and HTTPS. Does someone have an alternative to building an iRule that limits the IP addresses?
3 Replies
Hi Willy,
you may use one of the iRules below...
IP::addr based iRule:
The IP::addr based syntax is ideal, if just a few IPs or Subnets are requiring access (less than 5).
    when CLIENT_ACCEPTED {
        if { ( [IP::addr [IP::client_addr] equals "10.0.0.0/8"] )
          or ( [IP::addr [IP::client_addr] equals "172.16.0.0/12"] )
          or ( [IP::addr [IP::client_addr] equals "192.168.0.0/16"] ) } then {
            # Allow the request
        } else {
            reject
        }
    }
[class] / data-group based iRule:
The [class] / data-group based syntax is ideal, if many IPs or Subnets are requiring access (more than 5).
iRule:
    when CLIENT_ACCEPTED {
        if { [class match [IP::client_addr] equals DG_ALLOWED_RDP_CLIENTS] } then {
            # Allow the request
        } else {
            reject
        }
    }
Data-Group:
    ltm data-group internal DG_ALLOWED_RDP_CLIENTS {
        records {
            10.0.0.0/8 { }
            172.16.0.0/12 { }
            192.168.0.0/16 { }
        }
        type ip
    }
Cheers, Kai
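A way to check the allow-list before attaching the iRule to the RDP virtual server, as an added example that is not part of Kai's post: this Python script parses the `ltm data-group` stanza shown above and reports any test client whose allow/reject outcome differs from what was intended. The function names and test addresses are constructed for illustration, and route-domain suffixes (`%N`) are assumed not to be in use.

```python
import ipaddress
import re

# Data-group from the answer above, in tmsh syntax.
DATA_GROUP = """
ltm data-group internal DG_ALLOWED_RDP_CLIENTS {
    records {
        10.0.0.0/8 { }
        172.16.0.0/12 { }
        192.168.0.0/16 { }
    }
    type ip
}
"""

def parse_records(tmsh_text):
    """Return the networks listed in the records { ... } block."""
    m = re.search(r"\brecords\s*\{", tmsh_text)
    if not m:
        return []
    open_pos = m.end() - 1
    depth = 0
    # Walk the braces so per-record bodies do not end the block early.
    for pos in range(open_pos, len(tmsh_text)):
        depth += {"{": 1, "}": -1}.get(tmsh_text[pos], 0)
        if depth == 0:
            break
    body = tmsh_text[open_pos + 1:pos]
    keys = re.findall(r"([^\s{}]+)\s*\{[^{}]*\}", body)
    # A record without a mask is a single host (/32 or /128).
    return [ipaddress.ip_network(k, strict=False) for k in keys]

def is_allowed(client_ip, networks):
    """Mirror the iRule decision: allow on any match, otherwise reject."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr.version == n.version and addr in n for n in networks)

def audit(tmsh_text, must_allow, must_reject):
    """Return the clients whose outcome differs from what was intended."""
    nets = parse_records(tmsh_text)
    wrong = [ip for ip in must_allow if not is_allowed(ip, nets)]
    wrong += [ip for ip in must_reject if is_allowed(ip, nets)]
    return wrong

if __name__ == "__main__":
    # Constructed test clients: expected-allowed and expected-rejected.
    must_allow = ["10.20.30.40", "172.31.255.254", "192.168.1.10"]
    must_reject = ["172.32.0.1", "192.169.0.1", "203.0.113.7"]
    print(audit(DATA_GROUP, must_allow, must_reject) or "allow-list behaves as intended")
```
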
- Willy
Nimbostratus
Hello Kai,
Thank you for the quick and adequate responses. I will move on with the info received from you.
Thanks, Willy
You're welcome! ;-)
Cheers, Kai