Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Virtual server with Private IP subnet and Geo location as source

We have requirement to match and allow the Private IP subnet and Geo location of QA for the virtual servers. I tried using the below Irule. Though the same is not working as only the first clause of the Irule is matched and remaining traffic is always discarded. Please help..

when CLIENT_ACCEPTED { if {([class match [IP::client_addr] eq private_net]) } { return } if { ([whereis [IP::client_addr]country] contains "QA") }{ return } else { discard } }

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi Arjun,

for further troubleshooting you may add some log lines to your iRule, to see whats going on behind the scene...

when CLIENT_ACCEPTED { 
    if { [class match [IP::client_addr] eq private_net] } then { 
        log local0.debug "Allowing connection from Private IP=[IP::client_addr]"
        return 
    } elseif { [whereis [IP::client_addr] country] contains "QA" } then { 
        log local0.debug "Allowing connection from from IP = [IP::client_addr] with Geo Location = [whereis [IP::client_addr] country]"
        return 
    } else { 
        log local0.debug "Discarding connection from IP = [IP::client_addr] with Geo Location = [whereis [IP::client_addr] country]"
        discard 
    }
}

Cheers, Kai

0