Forum Discussion

F5_LB_Eng's avatar
F5_LB_Eng
Icon for Cirrostratus rankCirrostratus
Sep 24, 2013

restrict access Irule needed

note- this url - abc.f5.corp.net should access from the servers from usahvmfla721 and usahvmfla722 .. "usahvmfla721 - 10.1.11.49 usahvmfla722 - 10.1.11.50..   i feel we can create one class and ...
application delivery
design
devops
iRules
sap
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Sep 24, 2013

It's a little unclear what you're trying to do, so I'll assume you only want to allow access the URL/VIP (abc.f5.com) from the two listed addresses - and that you want to use a data group to store those addresses. If that's the case:

  1. Create an address-based data group. Example (my_ip_datagroup):

    10.1.11.49 mask 255.255.255.255 
10.1.11.50 mask 255.255.255.255

  2. Create an iRule like this:

    when CLIENT_ACCEPTED {
    if { not ( [class match [IP::client_addr] equals my_ip_datagroup] ) } {
        reject
    }
}

You could also do this in a packet filter rule and prevent the 3-way handshake that the above iRule will allow.