irule

Hi, If my understanding is correct, you have multiple VS with same VIP running on port 80, 443, and a new port.

And your requirement is to restrict access for the VIP on new port.

You can achieve this by below method. Create a DATAGROUP for the specific users which you are providing access.

I tried out in TMSH with below codes

ltm data-group DG1 {
records {
192.168.1.0/25{ }
        192.168.3.0/24{ }
    }
    type ip
}

ltm rule AppAccess_1 {
    when HTTP_REQUEST {
if { ![matchclass [IP::remote_addr] equals $::DG1] } {
drop
}
}
}

Create a VS with NEW_PORT_NUMBER
       ltm virtual vs_web1 {
        destination 10.10.10.1:NEW_PORT_NUMBER
        ip-protocol tcp
        mask 255.255.255.255
        pool webpool1
        profiles {
            http { }
            tcp { }
        }
         ASSOCIATING iRule 
        rules {
            AppAccess_1
        }
        
        snat automap
        vlans {
            outside
        }
        vlans-enabled
    }

---------------------------XXXXX--END--XXXXX-----------------------

Same can be done at webgui,

create a data group * Navigate to Local Traffic -> irules -> Data Group List

Create a new Datagroup of type Address and add the hosts/network of your interested sources and finish

create an irule and associate it with the data group

• Navigate to Local Traffic -> irules -> irule list

Create an irule with below code

when HTTP_REQUEST {
    if { ![matchclass [IP::remote_addr] equals $::DG1] } {
    drop
    }
    }
    }

Associating the irule with new virtual server

• Navigate to Local Traffic -> Virtual Servers -> Virtual Server List

Create your new virtual server and associate this irule under Resources tab of your new virtual server.

Hope this will help you.