Forum Discussion

Nimbostratus

Dec 05, 2012

Permit only North American network blocks

Is it possible to only permit North American netowrk bloks to an F5 hosted site (or VIP)? I would get the list for Canada, US and Mexico from here: http://www.ipdeny.com/ipblocks/. Then massage it ...

Cirrostratus

Dec 05, 2012

Hi Philippe,

This should be very simple using the whereis command to query the client IP address in the inbuilt GeoIP database:


 https://devcentral.f5.com/wiki/iRules.whereis.ashx
when CLIENT_ACCEPTED {

if {not ([whereis [IP::client_addr] continent] eq "NA")}{
reject
}
}

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

F5 Architecture Track Sessions - AppWorld 2026

DevCentral News

announcement

Appworld2026

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Permit only North American network blocks

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

The GSLB pool is providing an incorrect IP to end users

iRule causing requests to be duplicated (sometimes)

Cisco TACACS+ Config on ISE LTM Pair

Related Content

F5 NGINX HTTP Request Header Rules: What’s Permitted and What’s Not

What is Multi-Cloud Networking?

F5 Distributed Cloud for Global Layer 3 Virtual Network Implementation

Demo Guide & Video Series for F5 Distributed Cloud Network Connect (Multi-Cloud Networking)

American Suzuki Case Study with F5 Networks

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS