Block destination IP by source IP

Question

Hi guys I need your help!! &nbsp;we want to bypass some destination IP by source IP [our site using ssl fwd proxy]and is it possible ?&nbsp;someone have a iRule?? &nbsp;thank you

enes_afsin_al · Accepted Answer

Hi,Can you try this?when HTTP_REQUEST_SEND {
    # log local0. "Client IP = [IP::client_addr]"
    # log local0. "Server IP = [IP::server_addr]"
	switch -glob [IP::client_addr] {
		"1.2.3.4" -
		"10.12.*" {
			switch -glob [IP::server_addr] {
				"10.11.12.13" -
				"172.16.1.10" -
				"192.168.5.*" { reject }
			}
		}
		
		"172.16.11*" {
			switch -glob [IP::server_addr] {
				"10.100.*" -
				"192.168.100.*" { reject }
			}
		}
		
		"5.6.7.8" { reject }
	}
}

enes_afsin_al · Answer

mean of "-" is "or".switch -glob [IP::client_addr] {
	"1.2.3.4" -
	"10.12.*" { ... }
}The above code works like the following code.if { [IP::client_addr]  equals "1.2.3.4" or [IP::client_addr]  starts_with "10.12." } { ... }&nbsp;

neeeewbie · Answer

thank you!!! what is mean ""1.2.3.4" -" ??

neeeewbie · Answer

oh,, Thank you !!!

Forum Discussion

Block destination IP by source IP

4 Replies

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

Destination address at F5

Block traffic

domain blocking

Block IP after a number of ASM Blocks

ASM/WAF rate limit and block clients by source ip (or device_id fingerprint) if there are too many violations