Forum Discussion
Martin182
Nimbostratus
NimbostratusLimit source address without address list
Hi guys ! Happy New Year ! I am struggling with the configuration of 2 redundant VS in different data centers, I need to limit the source addresses that will be able to connect to these VS. In one ...
JoseLabra
MVP
MVPHii
You can try with a iRule associate to the VS
Example:
when HTTP_REQUEST {
set client_ip [IP::client_addr]if { [IP::addr $client_ip equals 10.10.10.0/24] } {
log local0. "Allowed traffic from $client_ip"
} else {
log local0. "Blocked traffic from $client_ip"
reject
}
}
Best Regard
- Martin182
Oh sorry, its a TCP VS, forget to indicate that
- zamroni777
Nacreous
you can change JoseLabra irules to use "when CLIENT_ACCEPTED {...".
instead of irules, you can also use gui based local traffic policy better managebility
https://techdocs.f5.com/en-us/bigip-15-1-0/big-ip-local-traffic-management-getting-started-with-policies/introducing-local-traffic-policies.html#GUID-362BEFCA-726C-43FE-80E7-B29ABD4929AC
