Forum Discussion

Igor430
Dec 01, 2017

Virtual Server to pool with 3 source IPs on all ports and everyone else on 1 port

Hello, I am trying to build a virtual server which allows 3 specific source network subnet addresses to a pool on all ports, while allowing everyone else access on port 80 only. It seems like I will need an iRule. Any assistance would be much appreciated.

 

2 Replies

  • Hi Igor,

    Sounds like an any VS with an any pool behind, meaning the incoming destination port will just be forwarded to the pool members. And yes, you need an iRule for this, which checks if the destination port is not 80 and the source IP is not one of your three subnets. Then it should drop the connection, else allow it. For more flexibility I recommend using a Data Group List of type address with the name "allowed_subnets" and putting your three subnets in it. Then use an iRule like this (not proven):

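    when CLIENT_ACCEPTED {
        # CLIENT_ACCEPTED fires for every TCP connection on the any-port VS;
        # HTTP_REQUEST needs an HTTP profile and never fires for non-HTTP traffic.
        # Drop when the destination port is not 80 AND the client address is not
        # in the "allowed_subnets" address data group; everything else is allowed.
        if { ([TCP::local_port] != 80) && !([class match [IP::client_addr] equals allowed_subnets]) } {
            drop
        }
    }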
    

    In case the above-mentioned iRule does not work directly, I hope this points you in the right direction.

    Ciao Stefan 🙂

  • Hi Igor,

     

    No, I'm still sure && is correct here. Your requirements are:

     

    • port 80: allow everyone
    • all other ports: allow only for "allowed_subnets"

    The above-mentioned if statement checks whether the connection needs to be dropped. And that's the case if the port is NOT 80 AND the source IP is NOT from allowed_subnets. Just give it a try.

     

    Ciao Stefan :)
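
The drop condition discussed in the two replies can be checked against the stated requirement offline. This is an added example, not code from the thread: the subnets and client addresses are constructed sample values, and the `||` variant is an assumed alternative that the thread does not show.

```python
import ipaddress

# Constructed sample values standing in for the "allowed_subnets" data group.
ALLOWED_SUBNETS = [ipaddress.ip_network(n) for n in
                   ("10.1.0.0/24", "10.2.0.0/24", "192.168.50.0/24")]

def in_allowed(client_ip):
    """Model of: class match [IP::client_addr] equals allowed_subnets."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in ALLOWED_SUBNETS)

def drop_and(client_ip, port):
    """Condition from the thread: port is not 80 AND source is not allowed."""
    return port != 80 and not in_allowed(client_ip)

def drop_or(client_ip, port):
    """Assumed || alternative, kept only for comparison."""
    return port != 80 or not in_allowed(client_ip)

def requirement_allows(client_ip, port):
    """Stated requirement: port 80 for everyone, other ports for allowed subnets."""
    return port == 80 or in_allowed(client_ip)

# One case per combination of (allowed source?, port 80?); constructed addresses.
CASES = [("10.1.0.25", 80), ("10.1.0.25", 8443),
         ("203.0.113.9", 80), ("203.0.113.9", 8443)]

def mismatches(drop_fn):
    """Cases where the drop decision contradicts the requirement."""
    return [(ip, port) for ip, port in CASES
            if drop_fn(ip, port) == requirement_allows(ip, port)]

if __name__ == "__main__":
    for name, fn in (("&&", drop_and), ("||", drop_or)):
        print(f"{name}: wrong decisions -> {mismatches(fn)}")
```

The `&&` form matches the requirement in all four cases, while the `||` form would drop allowed subnets on non-80 ports and everyone else on port 80.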