Whitelisting inboud subnet range in F5 using irule

Question

Hi,Is ther any option to whitelist inbound client subnet range via F5 irule for&nbsp; a VS.Tried below irule , but highlighted underlined is not taking.when HTTP_REQUEST {if { [HTTP::host] contains "gree.lab.ae" } {if { [IP::client_addr] equals "X.X.X.X/29"]&nbsp; } {# log local0. "client with [IP::client_addr] on url [HTTP::host][HTTP::uri] Accepted"} else {droplog local0. "client with [IP::client_addr] on url [HTTP::host][HTTP::uri] Denied"}}}&nbsp;

nikoolayy1 · Answer

You can just see the article&nbsp;How to match subnet of the client IP in iRule (f5.com)&nbsp;an better use data groups (class (f5.com)). Also better log outside of the "if else" the client IP address that the F5 device sees as if there is proxy or nat device before the F5 device it&nbsp; is normal that TCP ip address will not match and better try adding XFF header and matching it.
&nbsp;
Solved: IP Filtering using Xff-clientip in iRule - DevCentral (f5.com)

felix214 · Answer

See&nbsp;https://community.f5.com/t5/technical-forum/f5-whitelisting-allowing-a-specific-range-of-traffic-to-vs/td-p/195967&nbsp;myccpay.com

Forum Discussion

Whitelisting inboud subnet range in F5 using irule

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Using Client Subnet in DNS Requests

Global Blacklist or Whitelist

Remove subnet from NAT pools without any impact

Implementing Client Subnet DNS Requests

Implementing Client Subnet in DNS Requests

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS