IP Restriction
1 TopiciRule for IP restriction with multiple virt servers and multiple DGL of allowed IPs.
I have read through a multitude of threads, but my scenario seems a little unique. A little background so it all makes sense. We serve multiple customers with their own site, each site is a virt server and arte using the header to match rather than a single IP per. Each customer has a unique data group list of allowed IP's. We did not want a single list of allowed IP's in case a customer was emailed an incorrect URL by mistake, or just started browsing other dns records for the domain etc. We are changing our monitoring company and I would like to have a second data group list of IP's that are allowed so that any time there is a change for a source IP of monitoring, one of our offices etc, we don't have to touch 100 lists. The current iRule we are using is: when HTTP_REQUEST priority 100 { # This iRule will check if the client request is SITE.DOMAIN.COM and the client source IP is NOT a member of the datagroup specified which is a list of allowed IPs # If the client ip address is matched to the list of allowed IPs then it will bring up the web page, if it isnt, then it will bring up the COMPANY IP Forbidden Page. if { ( [string tolower [HTTP::host]] equals "1000-t01.DOMAIN.COM" ) and not ( [class match [IP::client_addr] equals COMPANY-1000-CUSTOMER-DG-Allow ] ) } { # log local0."Invalid CUSTOMER client IP: [IP::client_addr] - Blocking traffic" HTTP::respond 200 content [ifile get COMPANY_ip_forbidden] after 50 drop event disable } } How do I add the second data group, and allow if the source IP is in either of the two data groups?524Views0likes2Comments