Forum Discussion

Nimbostratus

Jul 01, 2019

Restrict Source IPs iRule

Hi all Forgive what may be such an easy iRule question but unfortunately my experience with them is rather limited and time is of the essence. We have an iRule which looks to be doing something w...

Nacreous

Jul 01, 2019

You need some logic within the CLIENT_ACCEPTED Event for this. Something like this for a single IP.....this will look for a connection from 10.10.10.10 and apply a different SSL profile. All other connections will used the default config of the VIP

when CLIENT_ACCEPTED {     
  if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
     SSL::profile new_clientssl
 }
}

You can expand out for look for a subnet

when CLIENT_ACCEPTED {     
  if { [IP::addr [IP::client_addr] equals 10.10.10.0/24] } {
     SSL::profile new_clientssl
 }
}

or use a DataGroup if you want to....

when CLIENT_ACCEPTED {     
    if { [class match [IP::client_addr] equals source_ip] } {  
		SSL::profile new_clientssl
	}
}

Forum Discussion

Restrict Source IPs iRule

Recent Discussions

Find GSLB pool membership from vip IP

Pool Members communication with B-party via F5 VIP

Server 2 causing application slowness

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Related Content

Irule to insert source IP in UDP payload

iRule assistance based on URI and source address

iRule - Restricting IP addresses for a portion of URI

Restrict Traffic To VIP By Subnet

Capturing source IP addresses for VIP