Http Https Single Virtual Server Question

Question

I have configured the Http Https Single Virtual Server iRule found at http://devcentral.f5.com/wiki/default.aspx/iRules/HttpHttpsSingleVirtualServer.html and it works awesome.  My question is, what (and where) would I add to this to limit it by the connecting IP address?&nbsp;
&nbsp;Thanks for the help!&nbsp;
&nbsp;Shawn&nbsp;

james_quinby_46 · Answer

You want to restrict access to the virtual server by IP address? Just want to make sure I understand what your endgame is here....

hooleylist · Answer

Hi Shawn, 
  
 At the start of the CLIENT_ACCEPTED event, you can add a check of the client IP against a datagroup of allowed clients:

when CLIENT_ACCEPTED {

Save the VIP name, client IP:port as a log prefix to make the log lines shorter
   set log_prefix "[IP::client_addr]:[TCP::client_port]"

Check if client IP is not in the allowed clients class
   if {not [matchclass [IP::client_addr] equals $::allowed_clients_class]}{

if {$::single_vs_debug}{log local0. "$log_prefix: Rejecting connection from disallowed client IP"}

Send a TCP reset
      reject

Disable further iRule processing
      event disable all
   }

Aaron

james_quinby_46 · Answer

....or that will work. O_o

Forum Discussion

Http Https Single Virtual Server Question

3 Replies

Recent Discussions

Need advise to setup a policy on F5

Web acceleration

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Related Content

Multiple URIs redirect to single URL

APM IP Subnet Match - single IP list

Question about irules and Virtual servers and caching of irules

Standalone BIG-IQ Upgrade Question

BIG IP VE on a single network