Forum Discussion

Cirrus

Jan 10, 2018

URGENT: Need iRule to block non-US IP's and allow private addresses...

We have an urgent need to block non-US IP addresses but allow our internal private addresses. We are very new to iRules and have come up with the example below, but it is blocking out internal private addresses. Any assistance is appreciated.

when CLIENT_ACCEPTED { if {not ([whereis [IP::client_addr] country] eq "US") or not ([class match [IP::remote_addr] equals private_net]} } {reject} }

application delivery

BIG-IP

iRules

Stanislas_Piro2
Cumulonimbus
Jan 10, 2018
It’s a logical issue

Replace or by and

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

URGENT: Need iRule to block non-US IP's and allow private addresses...

Recent Discussions

Can i apply ddos profile on virtual server using port range

I used the wrong email account when take Application Delivery Exam (101)

F5 iControl REST API - viewBy Parameter Issue in Analytics Report

'F5 rules for AWS WAF' ruleset not working for jsp web shell attack

Disable ssl or https for the embed url

Related Content

F5 Cloud Failover Extension (CFE), private endpoints, and custom DNS

Need Urgent BIGIP Trial License and VM Image

one private ip nat with 40 public ip address

Using F5 Distributed Cloud private connectivity orchestration for secure multi-cloud infrastructure

Generate private key w/ CSR via iControl REST

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS