Need iRule for specific sources to specific ports going to the Same VS for Proxy LB
Access Control Based on specific sources to specific ports going to the Same VS for Proxy LB
Our company has tons of security restrictions so I would need to be specific with certain sources only going to specific ports. This would always be going to the same destination, which is the F5 VIP of proxy pool. Everything else would get denied.
We have proxy servers for which we want to create a wildcard virtual server that listens on all ports. Then we want to create\modify your script to specify which sources can access the VIP on which ports. We have about 100 forwarders that traverse the proxy and 75 socks, ftp & sftp connections.
I would also like to explicitly reference multiple sources (can I do this with “,” or “;” instead of classes? Seems like it would be easier to put it all in the script than have many classes – what are your thoughts on this?)
I’m thinking for every source\port connection I copy and modify the code over and over, making sure to add granular descriptions of each one as I go. I just need to get the initial code together first before I can duplicate it for all my connections. I’m expecting this to be a very big file.
***
So as a sample for basic code I need to allow the following:
1. Blackberry Servers for LB to proxy
Blackberry sources:
111.111.111.111
112.112.112.112
113.113.113.113
Port:
3101
(what if I wanted to add multiple ports –hypothetically 22)
Destination:
F5 VIP of Proxy pool
***
(I’m assuming there will be some if statement between each acl)
***
2. Misc App Servers for LB to proxy
Misc app sources:
114.114.114.114
115.115.115.115
116.116.116.116
Port:
1212
Destination:
F5 VIP of Proxy pool
***
Then I would copy the above code for all my connections
At the end I would deny everything else.
***
I don’t think I need the admin _datagroup since all connections will be restricted
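
One way to express the two sample ACLs from the post above in a single iRule, as an added example that is not part of the original post. It assumes a TCP wildcard-port virtual server; the data group names `blackberry_sources` and `misc_app_sources` and the pool name `proxy_pool` are hypothetical and must exist on the BIG-IP before the rule is attached.

```tcl
# Added example: per-port source ACL for a wildcard-port virtual server.
# Hypothetical objects, created outside this iRule:
#   address data group blackberry_sources:
#       111.111.111.111, 112.112.112.112, 113.113.113.113
#   address data group misc_app_sources:
#       114.114.114.114, 115.115.115.115, 116.116.116.116
#   pool proxy_pool: the proxy servers behind the VIP
when CLIENT_ACCEPTED {
    set src  [IP::client_addr]
    set port [TCP::local_port]
    set allowed 0

    # One switch arm per ACL entry; "-" lets several ports share one body.
    switch -- $port {
        3101 -
        22 {
            # 1. Blackberry servers (22 is the hypothetical extra port)
            if { [class match $src equals blackberry_sources] } {
                set allowed 1
            }
        }
        1212 {
            # 2. Misc app servers
            if { [class match $src equals misc_app_sources] } {
                set allowed 1
            }
        }
        default {
            # Port has no ACL entry, so the connection stays denied.
        }
    }

    if { $allowed } {
        pool proxy_pool
    } else {
        # Log the denial so blocked sources can be audited, then reset.
        log local0.notice "ACL deny: $src -> [IP::local_addr]:$port"
        reject
    }
}
```

Adding a connection means adding one switch arm and one data group, and source changes are made in the data group without editing the rule.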