Forum Discussion
iRule To Control Access Based on Source and Destination Addresses
- Mar 11, 2014
You seem to have a good grasp, however I don't think I was paying enough attention when I made my other update. I only mentioned /Common/dg_ftp_out as you had referenced it but not defined it. I don't really see that it's necessary - you could get away with what's below instead;-
when CLIENT ACCEPTED { if {!([class match [IP::client_addr] equals dg_allowed_ftp_sources] && [class match [IP::local_addr] equals dg_allowed_ftp_destinations])} { discard return } }
This does the trick, thanks heaps! Unfortunately, performance kind of sucks at the moment - I have applied the same rule to a HTTP virtual server but it takes 2mins+ to load the webpages. Then, when I remove the iRule, it is fast again.
Dont worry about that though, ill get try and get to the bottom of it. Thanks again for your help!
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com