Forum Discussion

mbamusa_59409
Jan 24, 2012

Restrict Access based on country using LTM or ASM

Hi all,

Could you please help me find a way to restrict access to a virtual server for some countries using an iRule and the geolocation database?

Thank you

Mbamusa

9 Replies

  • Hello,

    You can find more info on how to use this on: http://devcentral.f5.com/wiki/iRules.whereis.ashx
  • Arie
    mbamusa, can you work with Frank's answer or do you need additional information and/or help?
  • Thank you Frank and Arie for the support, but could you please provide me with an example (i.e. restrict access coming from China and Russia)?

  • Here's a positive example:

    
    when CLIENT_ACCEPTED {
        # Get the country for the client IP
        switch [whereis [IP::client_addr] country] {
            US -
            CA -
            MX {
                set allowed 1
            }
            default { set allowed 0 }
        }
    }
    when HTTP_REQUEST {
        if {$allowed == 0}{
            HTTP::respond 403 content {Blocked!}
        }
    }

    And here's a negative example:

    
    when CLIENT_ACCEPTED {
        # Get the country for the client IP
        switch [whereis [IP::client_addr] country] {
            "CN" -
            "RU" {
                set allowed 0
            }
            default { set allowed 1 }
        }
    }
    when HTTP_REQUEST {
        if {$allowed == 0}{
            HTTP::respond 403 content {Blocked!}
        }
    }

    If you don't need to send an HTTP response you can use reject to reset the TCP connection:

    
    when CLIENT_ACCEPTED {
        # Get the country for the client IP
        switch [whereis [IP::client_addr] country] {
            "CN" -
            "RU" {
                # Reset the TCP connection
                reject
            }
        }
    }

    Aaron
  • Can you try this?

    [root@ve1023:Active] config # b rule myrule list
    rule myrule {
       when CLIENT_ACCEPTED {
            # Look up the country for the client IP
            switch [whereis [IP::client_addr] country] {
                    CN -
                    RU { drop }
                    default {
                            # do something else
                    }
            }
       }
    }
    
  • Oops! My page was not updated. Aaron's one is nicer. Please follow his. :-)
  • Thank you all for your kind support, I'll try the iRule and I'll get back to you with the result.

    mbamusa
  • Dear all,

    I tried hoolio's iRule and it's working perfectly. Thank you all for your kind support.

    mbamusa
  • I think iRules take a lot of resources; you should try the ASM geolocation feature before you make up your mind on an iRule. The detailed write-up is here.

    Cheers
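
A variant of the deny-list iRule posted in this thread, as an added example that is not part of any reply: it keeps the country codes in a data group so the list can change without editing the rule, logs each rejection, and makes the handling of clients with no geolocation match explicit. The data group name blocked_countries and the choice to allow unmapped clients are assumptions for illustration.

```tcl
# Added example, not from the thread.
# Assumption: a string data group named blocked_countries exists on the
# BIG-IP and holds two-letter country codes (for example CN and RU),
# one per record.
when CLIENT_ACCEPTED {
    # Look up the two-letter country code for the client address
    set country [whereis [IP::client_addr] country]

    # Addresses the geolocation database cannot map (private ranges,
    # for example) are expected to yield an empty string. Handle that
    # case on its own so the policy for unknown clients is a visible
    # decision and not a side effect of a default branch.
    if { $country eq "" } {
        log local0.info "geo: no country for [IP::client_addr], allowing"
        return
    }

    # Exact match of the country code against the data group records
    if { [class match -- $country equals blocked_countries] } {
        log local0.info "geo: rejecting [IP::client_addr] ($country)"
        # Reset the TCP connection before any HTTP processing happens
        reject
    }
}
```

The country is derived from the connecting address, so when clients arrive through a proxy or CDN the lookup reflects that intermediary and not the end user.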