Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

local traffic policy operand for source ip address?

11.5.1 HF7.

Only licensed for LTM... am I missing something here?

Just want to whitelist a small list of networks and block access to the rest for a specific vip. Yes I know I can use an irule, an irule with a data group, or a packet filter. http class seemed to be an easy way to do this in a more structured, easy to edit for those less experienced way. Those gave way to local traffic policies, but I can't seem to find an operand for that.

Do I need to upgrade, or is this sort of thing moved into a different module now? Or are my choices irules or packet filters?

thanks!

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi Antonio,

You should be able to put the source addresses into the source field in the Virtual Server.

Thanks, Stewart.

0
Comments on this Answer
Comment made 02-Apr-2015 by Antonio Varni 129
Thanks - this is a small list of netblocks though, not a single one.
0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I don't think this is possible with a local traffic policy. There are no IP-based operands. I see that the TCP operand has an "address" selector (v11.6) but there is no documentation on it's use and I recieved an error attempting to configure it with an IP address. It's down to packet filter, iRule, or AFM if you're licensed for that.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi, tried with 11.6 HF6, I'm not sure but quite sure that's working on 11.5 also. Configured a policy that matches TCP Address AND some specific URI (If you wish to do that, like in my case).Image Text The policy must include HTTP and TCP operands and forwarding "reset" action, or you can change URI or HOST or whatever :)

0