
Forum Discussion

kridsana
May 18, 2022

iRule to drop Public IP access to DNS Wide-ip

We have a wide-IP "abc01.example.com" which we want to be accessible only from internal users (private IPs).

Do we have an iRule to drop only public IPs and allow private IPs on that wide-IP?

So when an nslookup for "abc01.example.com" comes from a public IP, F5 drops it,
and when an nslookup for "abc01.example.com" comes from a private IP, F5 allows it.

Thank you

3 Replies

  • Or can we create a DNS pool with no members?
    Then I could create a Topology LB and check the source IP:
    If the source IP is a private IP > choose Pool A
    If the source IP is not a private IP > choose Pool B (which has no members = returns no IP)

    I tried to create a pool with no members, but F5 marks its status down.

    • kridsana

      We can't do just that, because we want to block public IPs only for a specific wide-IP (e.g. abc01.example.com),
      but users from public IPs should still be able to resolve abc02.example.com and others.

      I think we need an iRule that checks whether the client IP is private or not and also checks whether that client is trying to resolve abc01.example.com.
      e.g.
      if client not eq [private_ip_datagroup] && trying to resolve wideip [abc01.example.com]
      drop
      else
      return

      Not sure if such an iRule exists though.
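A GTM/DNS iRule that implements the pseudocode above, added here as an example (it is not from the thread). It assumes the rule is attached to the DNS listener serving the wide-IPs, that the restricted name is abc01.example.com, and that "private" means the RFC 1918 ranges; it checks those ranges inline instead of the private_ip_datagroup mentioned in the post.

```tcl
# Added example (not from the thread): GTM/DNS iRule that drops queries for one
# wide-IP when they come from public source addresses and leaves every other
# name, and every private client, to normal wide-IP load balancing.
# Assumptions: restricted name is abc01.example.com; "private" = RFC 1918 ranges.
when DNS_REQUEST {
    # Query name, lower-cased and without a trailing dot, so the comparison is exact
    set qname [string trimright [string tolower [DNS::question name]] "."]

    # Only the restricted wide-IP is affected; other names are resolved as usual
    if { $qname ne "abc01.example.com" } {
        return
    }

    set client [IP::client_addr]
    if { [IP::addr $client equals 10.0.0.0/8] ||
         [IP::addr $client equals 172.16.0.0/12] ||
         [IP::addr $client equals 192.168.0.0/16] } {
        # Private source: fall through to the wide-IP's normal response
        return
    }

    # Public source asking for the restricted name: log it so the drops can be
    # monitored, then discard the query silently
    log local0. "Dropped DNS query for $qname from public client $client"
    DNS::drop
}
```

Because the match is on the query name rather than the wide-IP object, a second label such as www.abc01.example.com is not covered unless the comparison is widened (for example with `string match` on a `*.abc01.example.com` pattern).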