GeoIP Irule - what to do

Question

hello together,&nbsp;
we have an virtual server with his irule.
Now we only want to allow access to this pool / server from poland and germany.&nbsp;
1) how can i solve this ?
2) the irule:&nbsp;
when HTTP_REQUEST {
   set lowerURI [string tolower [HTTP::uri]]
         switch [HTTP::host] {
"www.xxxx.com" { 
'a lot of if / elseif questions if starts with -&gt; use pool etc) '
and the last else:
else {
        pool www_xxxx_com_80
if {$debug}{log local0. "WEB: Client: [IP::client_addr]:[TCP::client_port]  LB to:  [LB::server addr]"}
return}
}
}
}&nbsp;
Could someone help me ?
And did i have to configure something before on our BigIP to get GEO IP Filter to run ?&nbsp;
We have an 5200 with BIG-IP 11.5.1 Build 3.0.131 Hotfix HF3 &nbsp;

dormelchen_2406 · Answer

maybe this ?
    when CLIENT_ACCEPTED {  
if {not ([whereis [IP::client_addr] country] eq "DE" or "PL")}{  
reject  
}  
}  
when HTTP_REQUEST {  
set lowerURI [string tolower [HTTP::uri]]  
switch [HTTP::host] {  
"www.xxxx.com" {

?

iheartf5_45022 · Answer

I don't think 'if' will work like that but you have the right idea about using CLIENT_ACCEPTED.  Try - this - 'if' would work too,  but I just like 'switch';-
when CLIENT_ACCEPTED {
   switch [whereis [IP::client_addr] country] {
      "DE" -
      "PL" {
          Allowed countries - do nothing
      }
      default {
         reject
      }
   }
}

dormelchen_2406 · Answer

is there any possibility to add an FQDN to the rule ?&nbsp;
like DE and PL are allowed AND for example FQDN www.google.de ?&nbsp;
thanks&nbsp;

Forum Discussion

GeoIP Irule - what to do

3 Replies

Recent Discussions

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

Help with URL Masking

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

Related Content

Does LTM support external GeoIP Database?

iRule GeoIP Targeting

GEOIP redirection irule

iRULE regsub error

GTM irule with geoip