Forum Discussion
kridsana
Cirrocumulus
CirrocumulusiRule to drop Public IP access to DNS Wide-ip
We have wide-ip "abc01.example.com" which we want only to access from internal user (private ip) Do we have iRule to drop only public ip and allow private ip on that wide-ip? So when nslookup to "a...
Hi,
You can create a data group with the subnets of your private network and then apply it to the listener, follow the next link to see the irule logic.
kridsanaWe can't do just that because we want to block public ip from only specific wide-ip (eg. abc01.example.com)
but user from public can resolve for abc02.example.com and more.
I think that we need iRule that check if client IP is private or not and also check if those client access to abc01.example.com or not.
e.g.
if client not eq [private_ip_datagroup] && try to resolve wideip [abc01.example.com]
drop
else
return
Not sure if there is that irule though