W__Tout_99150
Oct 17, 2006 Nimbostratus
Restricting traffic to a range of source IPs
We need to restrict incoming traffic to a range of source IPs. Traffic not from the allowed range is to be rejected. The problem is not in the rejection but rather in what happens to connections that are to be rejected. Would they simply time out or would they hang? Is there a way to return a particular error message to the originator? The ideal solution would be to return an error message and then close the connection, but how can we do that? How can the iRule template below be modified to get the desired behaviour?
when HTTP_REQUEST {
    # LB local log, keep this one
    log local0.NOTICE "*** Source ip is [IP::client_addr]"
    # Allow only the listed source addresses; everything else is discarded
    if { [IP::client_addr] eq "IP1" || [IP::client_addr] eq "IP2" || [IP::client_addr] eq "IP3" || [IP::client_addr] eq "IP4" } {
        log local0.NOTICE "*** Transfer to Pool mt1_pool"
        pool mt1_pool
    } else {
        log local0.NOTICE "Not coming from an allowed source IP"
        discard
    }
}
Thanks
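
An added example, not part of the original post: one way to get the behaviour asked about above, matching a whole source range with `IP::addr` and answering disallowed clients with an explicit HTTP 403 via `HTTP::respond`, where `discard` sends nothing back to the client. The 192.0.2.0/24 range and the response text are constructed placeholders; `mt1_pool` is the pool from the post.

```tcl
when HTTP_REQUEST {
    # Constructed placeholder range; replace with the real allowed network.
    # IP::addr compares the client address against the network/mask.
    if { [IP::addr [IP::client_addr] equals 192.0.2.0/24] } {
        log local0.notice "Allowed source [IP::client_addr], sending to mt1_pool"
        pool mt1_pool
    } else {
        # Log the refusal so blocked sources are visible in /var/log/ltm
        log local0.notice "Refused source [IP::client_addr]: outside allowed range"

        # Answer from the BIG-IP itself instead of silently discarding.
        # The request never reaches a pool member. "Connection: close"
        # marks the connection as not to be reused after this response.
        HTTP::respond 403 content "Access denied: source address not permitted." \
            "Content-Type" "text/plain" \
            "Connection" "close"
    }
}
```

If no HTTP-level message is needed, the `reject` command in place of `HTTP::respond` resets the connection immediately, so the client gets a fast failure rather than waiting for a timeout.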