Forum Discussion

Mathew_58740's avatar
Mathew_58740
Icon for Nimbostratus rankNimbostratus
Nov 06, 2013

Irule for blocking specific traffic

HI Can we get some help to achieve the below   If the below condition matches we need to block the connection and rest all should be permited.   IP is from the following subnets   ( src net...
application delivery
devops
iRules
Bhanu_9561's avatar
Bhanu_9561
Icon for Cirrus rankCirrus
Nov 06, 2013

You can also do it this way if you are only concerned about teh IP address. If you also need to look at the HTTP headers, you would require a more elaborate which coule be processor intensive as mentioned in the previous comment. iRuleIP_Addr_Block_List is a Data Group List which will contain the IP addresses/Networks that need to be blocked

 

when CLIENT_ACCEPTED{

 

if { [class match [IP::client_addr] equals $::IP_Addr_Block_List ] } {

 

TCP::close

 

} else {

 

return

 

}

 

}

 

Mathew_58740's avatar
Mathew_58740
Icon for Nimbostratus rankNimbostratus
Nov 06, 2013
Thank you guys for the updates our requirement is if IPAddress and the headers matches we have to block ,remaining traffic should be allowed.