F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Igor430's avatar
Igor430
Icon for Altostratus rankAltostratus
Dec 01, 2017

Virtual Server to pool with 3 source IPs on all ports and everyone else on 1 port

Hello, I am trying to build a virtual server which allows 3 specific source network subnet addresses to a pool on all ports, while allowing everyone else access on port 80 only. It seems like I will ...
iRules
LTM
security
Stefan_Klotz's avatar
Stefan_Klotz
Icon for Cumulonimbus rankCumulonimbus
Dec 01, 2017

Hi Igor,

sounds like an any VS with an any pool behind, meaning the incoming destination port will just be forwarded to the poolmembers. And yes you need an iRule for this, which checks if the destination port is not 80 and the sourceIP is not one of your three subnets. Then it should drop the connection, else allow it. For more flexibility I recommend to use a Data Group List from type address with name "allowed_subnets" and put your three subnets in it. Then use an iRule like this (not proven):

when HTTP_REQUEST {
    if { ([TCP::local_port] ne 80) && ([class match [IP::client_addr] ne "allowed_subnets"]) } {
        drop
    }
}

In case above mentioned iRules does not work directly, I hope this points you in the right direction.

Ciao Stefan 🙂