Forum Discussion

djkromarek
May 18, 2012

IP's allowed with Application security

I am trying to find out the following information. I have BIG-IP 9.4.7 Build 320.1 Final. I have the Application Security Module on this configuration. Is it possible to add a list of IPs that the F5 will allow through and block all other IPs? Thanks, Deni

7 Replies

  • You can do this with an iRule on the LTM module using the "IP::client_addr" parameter.

    Please refer to this article: https://devcentral.f5.com/wiki/irules.IP__client_addr.ashx

    -Santosh.
  • How much overhead will be created on the F5 if I need to create the iRule with 1000 IPs to allow and everything else to be blocked? Can something be done using geolocation instead?
  • You can create a Data group and use an external class file to list the IPs.

    So you have 1000 unique IPs? Can you try consolidating them into networks using subnet masks?

    And for your next question: no, I don't think ASM or LTM can filter traffic based on geo location. But another product of F5 called the GTM has the capability to filter traffic based on geo location.

    Hope this helps.

    -Santosh.

  • Something that you may be interested in:

    LTM and GTM

    - Geolocation iRules to do it (https://devcentral.f5.com/Tutorials/TechTips/tabid/63/articleType/ArticleView/articleId/1082330/New-Geolocation-Capabilities-in-v101.aspx)

    ....more GTM (topology) http://support.f5.com/kb/en-us/solutions/public/13000/400/sol13412.html

    ....more LTM (Packet filter) http://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-datacenter-firewall-config-11-1-0/5.htmlunique_1529505549

    ASM (Enforcing application use in certain geolocations)

    - http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-1-0/5.htmlconceptid
  • Do you have a link to instructions on how to create a Data group and use an external class file to list the IPs? This sounds like our best bet on trying to get this configured. At this time, we cannot upgrade to the correct version in order to use the GTM.

    Thanks!
  • Thank you for the articles, they were very informative. The Geolocation may not be our best bet at this time since we are on version 9.4, however we do plan on upgrading this year and these articles will be very useful then. I appreciate your response.
  • This article discusses Data Groups:

    http://support.f5.com/kb/en-us/solutions/public/3000/300/sol3386.html?sr=21443170
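
The consolidation step suggested in the replies above, as an added example that is not part of the original thread or F5's own tooling: it merges a list of allowed IPv4 hosts into the fewest networks and renders them as address data group entries. The sample addresses are constructed, and the `host ...,` / `network ... mask ...,` line format is an assumption to check against the Data Groups article for your BIG-IP version.

```python
"""Added example: collapse an IPv4 allowlist into the fewest networks."""
import ipaddress

# Constructed sample allowlist (documentation address ranges, not real clients).
SAMPLE = [
    "192.0.2.0", "192.0.2.1", "192.0.2.2", "192.0.2.3",  # four adjacent hosts
    "192.0.2.1",                                         # duplicate entry
    "198.51.100.0/25", "198.51.100.128/25",              # two halves of a /24
    "198.51.100.10",                                     # already covered above
    "# office VPN",                                      # comment line
    "203.0.113.7",                                       # isolated host
]


def consolidate(entries):
    """Parse IPv4 hosts/CIDRs and merge duplicates, overlaps and neighbours."""
    nets = []
    for raw in entries:
        text = raw.strip()
        if not text or text.startswith("#"):
            continue  # skip blank lines and comments
        # strict=True rejects entries with host bits set (e.g. 10.0.0.5/24),
        # so a typo cannot silently widen the allowlist to a whole subnet.
        nets.append(ipaddress.IPv4Network(text, strict=True))
    # collapse_addresses is exact: the result covers the same addresses, no more.
    return list(ipaddress.collapse_addresses(nets))


def to_class_lines(networks):
    """Render networks as data group entries (line format is an assumption)."""
    lines = []
    for net in networks:
        if net.prefixlen == 32:
            lines.append(f"host {net.network_address},")
        else:
            lines.append(f"network {net.network_address} mask {net.netmask},")
    return lines


def is_allowed(ip, networks):
    """Spot-check a client address against the consolidated allowlist."""
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    print("\n".join(to_class_lines(consolidate(SAMPLE))))
```

Spot-check a few addresses just inside and just outside each merged range with `is_allowed` before loading the file, since everything not listed is meant to be blocked.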