script for port 443 and 50000-59999

Question

Hello forum, 
&nbsp; I have an iRule as below: 
&nbsp;  when CLIENT_ACCEPTED {  
&nbsp;     if {  [TCP::client_port] &lt; 50000 or  [TCP::client_port] &gt; 59999}{  
&nbsp;        drop  
&nbsp;     }  
&nbsp;  }  
&nbsp;  
&nbsp; This will allow ports 50000-59999 to be served. I also have port 443 need to serve too. 
&nbsp;  
&nbsp; Does this iRule works on 443 and 50000-59999 ports? 
&nbsp; I think it works well for port 50000-59999, but I don't know how to get it works for port 443 also. 
&nbsp; Help please. 
&nbsp; Thanks,

hoolio · Answer

I think you want to check TCP::local_port not TCP::client_port.  TCP::client_port is the source port. 
  
 You can check for the ports you want to allow using this: 
  
 ([TCP::local_port] &gt;= 50000 &amp;&amp; [TCP::local_port] &lt;= 59999) || [TCP::local_port] == 443) 
  
 And you can logically NOT that to drop everything else:

when CLIENT_ACCEPTED { 
  
     Check requested port 
    if { ! (([TCP::local_port] &gt;= 50000 &amp;&amp; [TCP::local_port] &lt;= 59999) || [TCP::local_port] == 443)}{ 
  
        Request was to an disallowed port, so drop it 
       drop 
    } 
 }

Aaron

Forum Discussion

script for port 443 and 50000-59999

Recent Discussions

How to Renew F5 Device Certificate

How to export a list of paired external service providers from APM?

BIG-IP Edge Endpoint Inspection Failure pre-VPN

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Related Content

APM Optimisation Script

Passing Arguments to iCall Scripts

Introducing the single Installation script for F5 NGINX Instance Manager

Microsoft 365 IP Steering python Script

Mitigating OWASP Web Application Risk: Cross-Site Scripting (XSS) using F5 Advanced WAF

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS