Forum Discussion
mbamusa_59409
Nimbostratus
Jan 24, 2012Restrict Access based on country using LTM or ASM
hi all;
could you please help me to find a way to restrict access to virtual server for some countries using irule and GEOLocation Data Base .
thank you
Mbamusa
hoolio
Cirrostratus
Jan 24, 2012Here's a positive example:
when CLIENT_ACCEPTED {
Get the country client IP
switch [whereis [IP::client_addr] country] {
US -
CA -
MX {
set allowed 1
}
default { set allowed 0 }
}
}
when HTTP_REQUEST {
if {$allowed == 0}{
HTTP::respond 403 content {Blocked!}
}
}
And here's a negative example:
when CLIENT_ACCEPTED {
Get the country client IP
switch [whereis [IP::client_addr] country] {
"CN" -
"RU" {
set allowed 0
}
default { set allowed 1 }
}
}
when HTTP_REQUEST {
if {$allowed == 0}{
HTTP::respond 403 content {Blocked!}
}
}
If you don't need to send an HTTP response you can use reject to reset the TCP connection:
when CLIENT_ACCEPTED {
Get the country client IP
switch [whereis [IP::client_addr] country] {
"CN" -
"RU" {
Reset the TCP connection
reject
}
}
}
Aaron
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects