For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

sysadmin_2015_2's avatar
sysadmin_2015_2
Icon for Nimbostratus rankNimbostratus
Sep 22, 2015

iRule - Whitelisting/Blocking IP Addresses

Hello,   We use a third party for our CDN and web security. I would like to write an iRule where we whitelist only their IP ranges and block all other traffic. Can someone please assist me in wr...
sysadmin_2015_2's avatar
sysadmin_2015_2
Icon for Nimbostratus rankNimbostratus
Sep 23, 2015

Hello,

 

Thank you for the reply. Our F5 is at the edge. If I create a data group with the listed CDN's IP'S called allowed-nets, do I still have to include them in the iRule? if so does the below look correct?

 

when CLIENT_ACCEPTED { if { not ([class match [IP::client_addr] equals allowed-nets]) } { log local0. "[IP::client_addr] is not permitted to site xxxx" reject } }

 

ltm data-group internal allowed-netss { records { 192.168.20.0/24, 192.178.20.0/24, 192.188.20.0/24 { data "NetYYYY" } } type ip }

 

Thank you,