Limit source address without address list

Question

Hi guys ! Happy New Year !I am struggling with the configuration of 2 redundant VS in different data centers, I need to limit the source addresses that will be able to connect to these VS.In one of the data centers it is a simple task, I have created an address list and associated it to the VS. The problem is the other site, running an old version (v12) I do not have this functionality, I suppose there could be an alternative, but the truth is that I am quite lost.As always, any help is welcomeThanks, best regards

joselabra · Answer

Hii
You can try with a iRule associate to the VS
Example:
when HTTP_REQUEST {set client_ip [IP::client_addr]if { [IP::addr $client_ip equals 10.10.10.0/24] } {
log local0. "Allowed traffic from $client_ip"} else {log local0. "Blocked traffic from $client_ip"reject}}
&nbsp;
Best Regard

zamroni777 · Answer

you can change&nbsp;JoseLabra&nbsp;irules to use "when CLIENT_ACCEPTED {...".instead of irules, you can also use gui based local traffic policy better managebilityhttps://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-local-traffic-management-getting-started-with-policies/introducing-local-traffic-policies.html#GUID-362BEFCA-726C-43FE-80E7-B29ABD4929AC

martin182 · Answer

Oh sorry, its a TCP VS, forget to indicate that

Forum Discussion

Limit source address without address list

Recent Discussions

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

Related Content

CSV to Address External Datagroup File

Ipv6 address

APM custom address space by client IP?

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

MAC address assignment in F5

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS