Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Whitelisting inboud subnet range in F5 using irule

Preet_pk
Altostratus
Altostratus

‎12-Jul-2022 07:28

Hi,

Is ther any option to whitelist inbound client subnet range via F5 irule for  a VS.

Tried below irule , but highlighted underlined is not taking.

when HTTP_REQUEST {
if { [HTTP::host] contains "gree.lab.ae" } {
if { [IP::client_addr] equals "X.X.X.X/29"]  } {
# log local0. "client with [IP::client_addr] on url [HTTP::host][HTTP::uri] Accepted"
} else {
drop
log local0. "client with [IP::client_addr] on url [HTTP::host][HTTP::uri] Denied"
}
}
}

 

Labels:
0 Kudos
2 REPLIES 2

Nikoolayy1
MVP
MVP

‎12-Jul-2022 07:59

You can just see the article How to match subnet of the client IP in iRule (f5.com) an better use data groups (class (f5.com)). Also better log outside of the "if else" the client IP address that the F5 device sees as if there is proxy or nat device before the F5 device it  is normal that TCP ip address will not match and better try adding XFF header and matching it.

 

Solved: IP Filtering using Xff-clientip in iRule - DevCentral (f5.com)

0 Kudos

Felix214
Nimbostratus
Nimbostratus

‎13-Jul-2022 03:34 - edited ‎13-Jul-2022 21:38

See https://community.f5.com/t5/technical-forum/f5-whitelisting-allowing-a-specific-range-of-traffic-to-... myccpay.com

0 Kudos
Copyright © 2023 Khoros, LLC