Forum Discussion
hooleylist
Jan 24, 2012Cirrostratus
Here's a positive example:
when CLIENT_ACCEPTED {
Get the country client IP
switch [whereis [IP::client_addr] country] {
US -
CA -
MX {
set allowed 1
}
default { set allowed 0 }
}
}
when HTTP_REQUEST {
if {$allowed == 0}{
HTTP::respond 403 content {Blocked!}
}
}
And here's a negative example:
when CLIENT_ACCEPTED {
Get the country client IP
switch [whereis [IP::client_addr] country] {
"CN" -
"RU" {
set allowed 0
}
default { set allowed 1 }
}
}
when HTTP_REQUEST {
if {$allowed == 0}{
HTTP::respond 403 content {Blocked!}
}
}
If you don't need to send an HTTP response you can use reject to reset the TCP connection:
when CLIENT_ACCEPTED {
Get the country client IP
switch [whereis [IP::client_addr] country] {
"CN" -
"RU" {
Reset the TCP connection
reject
}
}
}
Aaron