Wild Card Virtual Server - multiple source restrictions

Question

Hi Folks&nbsp;
Not sure if an article on this is hiding around somewhere. I'm looking at doing some transparent proxying for one of our wireless networks. I'm using WCCP to get the traffic to the F5, and have setup a wildcard Virtual server listening on port 80 to send the traffic down to our proxies. &nbsp;
All of this is ok, except I need to be able to restrict the source address that the rule matches on to cover multiple networks that can't be summarised. &nbsp;
Is there a way through and iRule that this can be done, I can't see anyway of doing it through the GUI and the tmsh seems to just replace one source with another.&nbsp;

patrik_jonsson · Answer

Hi!
Create a datagroup, ie allowed_sources.
Then create an iRule dropping everything else:
when HTTP_REQUEST {

if { ![class match [IP::client_addr] equals allowed_sources ] } {
        drop
    }
}

/Patrik

nitass · Answer

can you try something like this? proxy_ip is ip type data group containing proxy ip address.
when CLIENT_ACCEPTED {
  if { [class match -- [IP::client_addr] equals proxy_ip] } {
    forward
  }
}

Forum Discussion

Wild Card Virtual Server - multiple source restrictions

2 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header

SSL Orchestrator Advanced Use Cases: Enabling GCloud Organization Restrictions

Integrating SSL Orchestrator with Fortinet FortiGate Virtual Edition as a Virtual Wire

Restricting access to a virtual server by Public IP address should access through only domain name.

multiple certificate on one virtual server