Forum Discussion
irule
Hi, if my understanding is correct, you have multiple VSs with the same VIP running on ports 80, 443, and a new port.
Your requirement is to restrict access to the VIP on the new port.
You can achieve this with the method below. Create a DATAGROUP for the specific users to whom you are providing access.
I tried it out in TMSH with the code below.
Creating a Datagroup
ltm data-group DG1 {
    records {
        192.168.1.0/25 { }
        192.168.3.0/24 { }
    }
    type ip
}

Associate and match the DATAGROUP in your iRule and set your policy whether to allow or deny

ltm rule AppAccess_1 {
    when HTTP_REQUEST {
        # Drop the request unless the client address is in data group DG1.
        # "class match" replaces the deprecated matchclass; the data group is
        # referenced by name, without the $:: prefix.
        if { ![class match [IP::remote_addr] equals DG1] } {
            drop
        }
    }
}

Associate the iRule to the virtual server. Create a VS with NEW_PORT_NUMBER

ltm virtual vs_web1 {
    destination 10.10.10.1:NEW_PORT_NUMBER
    ip-protocol tcp
    mask 255.255.255.255
    pool webpool1
    profiles {
        http { }
        tcp { }
    }
    # Associating the iRule
    rules {
        AppAccess_1
    }
    snat automap
    vlans {
        outside
    }
    vlans-enabled
}
---------------------------XXXXX--END--XXXXX-----------------------
The same can be done in the web GUI.

Create a data group
- Navigate to Local Traffic -> iRules -> Data Group List
- Create a new data group of type Address, add the hosts/networks of the sources you are interested in, and finish

Create an iRule and associate it with the data group
- Navigate to Local Traffic -> iRules -> iRule List
- Create an iRule with the code below

when HTTP_REQUEST {
    # Drop the request unless the client address is in data group DG1.
    # "class match" replaces the deprecated matchclass; the data group is
    # referenced by name, without the $:: prefix.
    if { ![class match [IP::remote_addr] equals DG1] } {
        drop
    }
}

Associate the iRule with the new virtual server
- Navigate to Local Traffic -> Virtual Servers -> Virtual Server List
- Create your new virtual server and associate this iRule under the Resources tab of your new virtual server.
Hope this will help you.
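
An offline check of which source addresses the posted data group would admit, added here as an example and not part of the original post or of F5's code: it parses the `ltm data-group` stanza and mirrors the iRule's drop-unless-matched decision. The function names and the sample client addresses are constructed for illustration.

```python
import ipaddress
import re

# The data-group stanza from the post, embedded so the check runs offline.
DG1_CONFIG = """
ltm data-group DG1 {
    records {
        192.168.1.0/25 { }
        192.168.3.0/24 { }
    }
    type ip
}
"""

# Matches one record line such as "192.168.1.0/25 { }" (host entries have no /mask).
RECORD_RE = re.compile(r"^\s*([0-9A-Fa-f.:]+(?:/\d+)?)\s*\{\s*\}", re.M)


def parse_data_group(config):
    """Return the networks listed as records in an ip-type data-group stanza."""
    # strict=False accepts entries whose host bits are set, e.g. 192.168.1.5/25.
    return [ipaddress.ip_network(rec, strict=False) for rec in RECORD_RE.findall(config)]


def irule_action(client_ip, networks):
    """Mirror the iRule's logic: drop unless the client address matches a record."""
    addr = ipaddress.ip_address(client_ip)
    return "allow" if any(addr in net for net in networks) else "drop"


def audit(client_ips, config=DG1_CONFIG):
    """Map each client address to the action the iRule would take."""
    networks = parse_data_group(config)
    return {ip: irule_action(ip, networks) for ip in client_ips}


# Constructed sample clients, chosen to sit on both sides of each prefix boundary.
SAMPLE_CLIENTS = [
    "192.168.1.10",   # inside 192.168.1.0/25
    "192.168.1.127",  # last address of the /25
    "192.168.1.128",  # same /24, but outside the /25
    "192.168.3.200",  # inside 192.168.3.0/24
    "192.168.2.5",    # between the two listed networks
]

if __name__ == "__main__":
    for ip, action in audit(SAMPLE_CLIENTS).items():
        print(f"{ip:<15} {action}")
```

The /25 record covers only 192.168.1.0 through 192.168.1.127, so a client at 192.168.1.128 is dropped even though it shares the /24 with allowed hosts.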