Restrict access to VIP by source IP address

Question

Afternoon, 
&nbsp;  
&nbsp; I want to restrict access to a vip to only certain IP addresses, I have done that with the following iRule ( I took it from this forum) 
&nbsp;  
&nbsp; when HTTP_REQUEST { 
&nbsp; if { [IP::client_addr] eq "192.168.0.30" || [IP::client_addr] eq "192.168.3.10" || [IP::client_addr] eq "192.168.4.13" || [IP::client_addr] eq "192.168.5.16" } { 
&nbsp; pool testapps2s 
&nbsp; } else { 
&nbsp; HTTP::respond 200 content "Not AllowedYou are not allowed to access this site!" 
&nbsp; } 
&nbsp; } 
&nbsp;  
&nbsp; I want to add 3 different subnets to the above IPs (say 192.168.7.0, 192.168.9.0 and 102.168.12.0).  How would I accomodate that in the iRule - I am a novice when it comes to this so any help would be appreciated. 
&nbsp;  
&nbsp; Thanks  
&nbsp;

hoolio · Answer

Hi, 
&nbsp;  
&nbsp; It would be more efficient and easier to use an address type datagroup and the matchclass command (Click here) to do this.  Try searching the forum for address type datagroup for more info. 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Restrict access to VIP by source IP address

Recent Discussions

F5 LTM listening on 3306

SNI Sites not taking correct certificate.

How to implement LTM forward proxy client to determine the diversion pool based on the domain name

irule to enable http/2 acceleration

VS FORWARDING & ROUTE

Related Content

Irule for restricting access

Restricting access to a virtual server by Public IP address should access through only domain name.

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

Restricting direct access from public IP

Restrict Access to Exchange Administrative Center - Enhanced

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS