Forum Discussion

Nimbostratus

Jun 16, 2009

Need to permit a list of hosts

So I am sure that I can create an iRule that simply blocks a single host via when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 10.10.10.10] } { pool my_pool } else { ...

Cirrostratus

Jun 16, 2009

Hi,

You can use a datagroup and the matchclass command (Click here😞

 
 when CLIENT_ACCEPTED { 
  
     Check if client IP is not defined in the allowed_clients datagroup 
    if { not ([matchclass [IP::client_addr] equals $::allowed_clients]) } { 
  
        Drop further packets from the client 
       drop 
    } 
 }

If a client doesn't get dropped the VS's default pool will be used.

Aaron

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Need to permit a list of hosts

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

F5 NGINX HTTP Request Header Rules: What’s Permitted and What’s Not

(HTTP) Redirection via Arbitrary Host Header

DevCentral Connects hosts Capture the Flag!

Rewrite Host Header to Server Name

host header in F5

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS