For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Brian_Mayer_841's avatar
Brian_Mayer_841
Icon for Nimbostratus rankNimbostratus
Nov 05, 2007

Restrict access to Virtual Servers based on IP address

Hi all,     We have some test sites going online soon and need them to be publicly accessible for some external testers. But we don't want the entire world to see the sites until they're ready ...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Nov 07, 2007
I think the issue is that you're testing this on a virtual server with a pool, but you're using the forward command. If you want the BIG-IP to load balance the requests, don't use the forward command. You actually don't have to do anything in the case that the client IP matches the IP's/networks in the datagroup. If the client IP doesn't match, then you want to send a reset back to the client using the reject command.

 

 

I'm not sure what cause the error when trying to add a datagroup using the iRuler. You might try posting the error and any other details in the iRuler forum for Joe to take a look at.

 

 

Datagroups (known as classes in the bigip.conf config file) are separate objects from rules. If you want to create another datagroup, you should be able to using the iRuler or in the admin GUI under Local Traffic >> iRules >> Datagroups.

 

 

Aaron