Simple IP restriction not working with /29 addresses

Question

BigIP version  BIG-IP 9.4.8 Build 355.0 Final  
&nbsp;  
&nbsp; Here is my simple rule: 
&nbsp;  
&nbsp; when HTTP_REQUEST { 
&nbsp;   if {[matchclass [IP::client_addr] equals $::IPs]}{ 
&nbsp;   } else { 
&nbsp;   HTTP::respond 403 content "403 - Forbidden" 
&nbsp;   log local0.info "ENV-BIGIP1500: Client Rejected IP:[IP::client_addr]" 
&nbsp;   discard 
&nbsp;   } 
&nbsp; } 
&nbsp;  
&nbsp; I have the datagroup like this: 
&nbsp;  
&nbsp; IPs 
&nbsp;  
&nbsp; x.x.x.38/255.255.255.248  (not really x's) 
&nbsp;  
&nbsp; When I try and come in I get a  
&nbsp;  
&nbsp; Mar 15 07:56:31 tmm tmm[1838]: Rule Bosp_IPs : ENV-BIGIP1500: Client Rejected IP:x.x.x.36 
&nbsp;  
&nbsp; in the logs. 
&nbsp;  
&nbsp; That /29 address should allow 33-38 addresses to come through...Any thoughts on what could be wrong?

the_bhattman · Answer

Hi Ryan, 
&nbsp;    x.x.x.38/255.255.255.248 doesn't really look valid for a /29 range.   Did you try changing it to x.x.x.32/255.255.255.248? 
&nbsp;  
&nbsp; I hope that helps 
&nbsp;  
&nbsp; Bhattman

Forum Discussion

Simple IP restriction not working with /29 addresses

Recent Discussions

Application only need to access from 2 uris

In Radius auth, how to allow second attempt of token input when the first input is incorrect?

AS3 Limitations

Unable to install firmware OS and drop at 10%

Statistics ›› Analytics : HTTP : Overview

Related Content

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

F5 iRule Geolocation restriction

Irule for restricting access

CSV to Address External Datagroup File

Restricting access to a virtual server by Public IP address should access through only domain name.

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS