Restricting access using irule

Question

Is it possible to create an irule to restrict access to a certain ip range/hosts? I created a data group list containing a number of hosts ip addresses; need some help to create the irule. Can it look like this one? 
&nbsp;  
&nbsp; when CLIENT_ACCEPTED { 
&nbsp; if { [matchclass [IP::remote_addr] equals $::mylist] } { 
&nbsp; pool my_pool 
&nbsp; } else { 
&nbsp; discard

hooleylist · Answer

Hi there, 
  
 That would work fine.  Just make sure to use an address type datagroup (called a class in the bigip.conf).

when CLIENT_ACCEPTED { 
    if { [matchclass [IP::remote_addr] equals $::mylist] } { 
       pool my_pool 
    } else { 
       discard 
    } 
 }

Aaron

sbadea_81872 · Answer

Thanks. It worked just fine.

fotios_30046 · Answer

This rule is just what I was looking for, however what if the data group contained networks instead of hosts.  Can this same irule work?

fotios_30046 · Answer

I tried it out and it works perfectly.  I only adjusted the when CLIENT_ACCEPTED to when HTTP_REQUEST so that we could redirect them if they didn't meet the match.

miguel_61461 · Answer

how do you define "mylist" ?  
&nbsp; Inside the irule or using the Data Group List ? 
&nbsp; I tried to use it inside the irule, but did'nt found the right syntax. Then I used it in the Data Group List, but it's not easy to insert, when you have many datas to insert.

Forum Discussion

Restricting access using irule

6 Replies

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

Irule for restricting access

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

Office 365 Tenant Restrictions

Restricting access to a virtual server by Public IP address should access through only domain name.