F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Ashu_Aggarwal's avatar
Ashu_Aggarwal
Icon for Cirrus rankCirrus
Sep 18, 2020

Restrict access to VS by ip & time

I have to restrict access to a VS by IP & time. So during a particular window (time/day) only specific ip ranges should be allowed to access that vs. Can someone please guide how to do that on a LTM....
application delivery
iRules
LTM
Enes_Afsin_Al's avatar
Enes_Afsin_Al
Icon for MVP rankMVP
Sep 18, 2020

Hi Ashu Aggarwal,

Create a datagroup for always allowed IPs.

Try this iRule:

when RULE_INIT {
	array set static::timerange { #change time
		Monday {"08:30" "20:00"}
		Tuesday {"08:30" "20:00"}
		Wednesday {"08:30" "20:00"}
		Thursday {"08:30" "20:00"}
		Friday {"08:30" "20:00"}
		Saturday {}
		Sunday {}
	}
}
 
when HTTP_REQUEST {
	if { not [class match [IP::client_addr] equals dg-allowed-ip-list-name] } { #change dg name
		set now [clock seconds]
		set current_day [clock format $now -format {%A}]
		set start [lindex $static::timerange($current_day) 0]
		set end [lindex $static::timerange($current_day) 1]
		
		if { ($start ne "") && ($end ne "") && ($now >= [clock scan $start]) && ($now < [clock scan $end]) } {
			set denied 0
		} else {
			set denied 1
		}
		
		unset start end
	} else {
		set denied 0
	}
 
	if { $denied } {
		drop
	}
}
Ashu_Aggarwal's avatar
Ashu_Aggarwal
Icon for Cirrus rankCirrus
Oct 14, 2020

 : I got the permission to try this i-rule tonight. Just quick question, from where this i-rule will pick the clock/time? Would it pick the time from system clock?

Thanks