Forum Discussion

Joern_Oltmann's avatar
Joern_Oltmann
Icon for Nimbostratus rankNimbostratus
Feb 11, 2013

Restrict Access for outgoing connect

Hi all,   one question. My internal App-Server use Google Maps. So i would like to restrict only the Google Network for these Server. My first idea, a outgoing virtual Server on my Big IP. That w...
application delivery
dev
devops
iRules
What_Lies_Bene1's avatar
What_Lies_Bene1
Icon for Cirrostratus rankCirrostratus
Feb 12, 2013
OK, I think this covers it. Let me know if I need to restrict the two servers to port 80 only; 


addresses/networks of the hosts you'd like to allow access to for a 
particular source

when CLIENT_ACCEPTED {
 Is this the app server?
 if { [IP::addr [IP::client_addr] equals 1.1.1.1] } {
  Is it going to a Google IP?
  if { not [class match [IP::local_addr] equals destination_ips] } {
   If not, reject the traffic
   reject
   Stop processing the rule
   return
  }
 }
 Is this one of the servers with full access?
 elseif { [IP::addr [IP::client_addr] equals {11.1.1.1 or 11.1.1.2}] } {
  Stop processing the rule (allow the traffic to anywhere)
  return
 }
 else {
  Reject the traffic if there is no match above
  reject
 }
}