18-May-2022 03:12 - edited 18-May-2022 03:15
We have a wide-IP "abc01.example.com" which we want to be accessible only from internal users (private IPs).
Do we have an iRule to drop only public IPs and allow private IPs on that wide-IP?
So when an nslookup to "abc01.example.com" comes from a public IP, F5 drops it,
and when an nslookup to "abc01.example.com" comes from a private IP, F5 allows it.
18-May-2022 03:18 - edited 18-May-2022 03:18
Or can we create a DNS pool with no members?
So I can create Topology LB and check for the source IP:
If the source IP is a private IP > choose Pool A
If the source IP is not a private IP > choose Pool B (which has no members = returns no IP)
I tried to create a pool with no members, but F5 marks its status down.
You can create a data group with the subnets of your private network and then apply it to the listener; follow the next link to see the iRule logic.
We can't do just that because we want to block public IPs only for a specific wide-IP (e.g. abc01.example.com),
but users from public IPs can still resolve abc02.example.com and others.
I think that we need an iRule that checks if the client IP is private or not and also checks whether those clients are resolving abc01.example.com or not.
if client not eq [private_ip_datagroup] && try to resolve wideip [abc01.example.com]
Not sure if there is an iRule for that though.
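The per-name check described in the thread, written out as a DNS listener iRule. This is an added example, not code from the thread or from F5; it assumes an address-type data group named `private_ip_datagroup` holding the private subnets and uses the wide-IP name `abc01.example.com` from the question. Queries for every other name are left untouched, which is the distinction the original poster needed that a listener-wide block cannot give.

```tcl
# Added example (not from the thread). Attach to the DNS listener.
# Assumptions: an address-type data group "private_ip_datagroup" exists
# and contains the internal subnets; the restricted name is abc01.example.com.
when DNS_REQUEST {
    # Normalise the queried name: lowercase and drop any trailing dot so
    # "ABC01.example.com." and "abc01.example.com" compare equal.
    set qname [string tolower [string trimright [DNS::question name] "."]]

    # Only the restricted wide-IP is subject to the source check;
    # abc02.example.com and everything else resolve as usual.
    if { $qname eq "abc01.example.com" } {
        if { not [class match [IP::client_addr] equals private_ip_datagroup] } {
            # Client is outside the private ranges: log for visibility,
            # then drop the query so no answer (and no NXDOMAIN) leaks back.
            log local0. "Dropped query for $qname from [IP::client_addr]"
            DNS::drop
            return
        }
    }
}
```

The data group must be of type address (not string) for `class match ... equals` to do subnet matching, and `IP::client_addr` should be checked against the real client source, so confirm no upstream resolver or NAT is masking the original address before relying on this. If a silent drop is undesirable for troubleshooting, the branch can instead set a REFUSED rcode with `DNS::header rcode REFUSED` followed by `DNS::return`, which gives internal operators a clearer signal than a timeout.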