For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Carl_20170911's avatar
Carl_20170911
Icon for Nimbostratus rankNimbostratus
Jan 18, 2020

Restrict access to virtual server by IP address and client certificate authentication

I am currently implementing F5 LTM. I want to restrict access to virtual server by IP address and  client certificate authentication.   If the client's IP is not in the address list, then the cl...
application delivery
BIG-IP
LTM
Carl_20170911's avatar
Carl_20170911
Icon for Nimbostratus rankNimbostratus
Jan 21, 2020

I have tried the following irule but not work.

 

when CLIENT_ACCEPTED {

set redir 0

if { ! [class match [IP::client_addr] eq EISAllow] } {

log local0. "Dropped connection: client IP [IP::client_addr] is blacklisted."

SSL::enable

set sslenable 0

set redir 1 

SSL::profile Client_Cert_Auth_Policy

#drop

}

  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Jan 27, 2020

    you would enable a profile with SSL client auth by default. not enable it in the iRule.