Forum Discussion

Nimbostratus

Jul 30, 2012

Source IP restriction without HTTP profile

Hello, I have to create a irule or find any other way. Scenario, I am managing 2 Juniper SA 2500 (SSL VPN) devices in active/active clustering. Each client has their own sub-urls ...

Cirrocumulus

Jul 30, 2012

Tika,

I think I'd create a data group of allowed source ips and then query on this and the URI.

Eg.

 
when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] not equals allowed_nets ] and [[HTTP::uri] starts_with "abc" ] } {
        reject
    }
}

Would this work for you?

Recent Discussions

ports are showing open on online scanning tool
Dec 26, 2024
Pooja_Varekar208
Upgrade F5 BIGIP
Dec 26, 2024
Ollie_Alderson
DNS HM Probe issue
Dec 26, 2024
mustansirt
Is XFF a must for ASM WAF DoS
Dec 26, 2024
Emil_Tr
Switch ssl profile based on weak cipher detection via IRULE
Dec 26, 2024
aliasgar215

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Source IP restriction without HTTP profile

Recent Discussions

ports are showing open on online scanning tool

Upgrade F5 BIGIP

DNS HM Probe issue

Is XFF a must for ASM WAF DoS

Switch ssl profile based on weak cipher detection via IRULE

Related Content

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

DoS Profiles

Client SSL Profile

Activate serverssl profile in iRule

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS