Forum Discussion
- frank_30469NimbostratusHello,
- ArieAltostratusmbamusa, can you work with Frank's answer or do you need additional information and/or help?
- mbamusa_59409Nimbostratusthank you Frank and Arie for the support , but could you please provide me an example (i.e. restrict access comes from China and Russia )
- hooleylistCirrostratusHere's a positive example:
when CLIENT_ACCEPTED { Get the country client IP switch [whereis [IP::client_addr] country] { US - CA - MX { set allowed 1 } default { set allowed 0 } } } when HTTP_REQUEST { if {$allowed == 0}{ HTTP::respond 403 content {Blocked!} } }
when CLIENT_ACCEPTED { Get the country client IP switch [whereis [IP::client_addr] country] { "CN" - "RU" { set allowed 0 } default { set allowed 1 } } } when HTTP_REQUEST { if {$allowed == 0}{ HTTP::respond 403 content {Blocked!} } }
when CLIENT_ACCEPTED { Get the country client IP switch [whereis [IP::client_addr] country] { "CN" - "RU" { Reset the TCP connection reject } } }
- nitassEmployeecan you try this?
[root@ve1023:Active] config b rule myrule list rule myrule { when CLIENT_ACCEPTED { switch [whereis [IP::client_addr] country] { CN - RU { drop } default { do something else } } } }
- nitassEmployeeoops! my page was not updated. Aaron's one is nicer. please follow his. :-)
- mbamusa_59409NimbostratusThank You All for your kind Support , i'll Try the IRule and I'll get back to you with the result .
- mbamusa_59409NimbostratusDear All;
- Vijith_182946Cirrostratus
I think iRule take a lots of resources, you should try the ASM geolocation feature before u make up your mind on iRule. The detailed write is here.