Forum Discussion
2 Replies
- Stefan_Klotz (Cumulonimbus)
Hi Igor,
Sounds like an any VS with an any pool behind it, meaning the incoming destination port will just be forwarded to the pool members. And yes, you need an iRule for this, which checks if the destination port is not 80 and the source IP is not one of your three subnets. Then it should drop the connection, else allow it. For more flexibility I recommend using a Data Group List of type address with the name "allowed_subnets" and putting your three subnets in it. Then use an iRule like this (not proven):
```tcl
when HTTP_REQUEST {
    # Drop when the destination port is not 80 and the client is not in the data group
    if { ([TCP::local_port] != 80) && !([class match [IP::client_addr] equals allowed_subnets]) } {
        drop
    }
}
```
In case the above-mentioned iRule does not work directly, I hope this points you in the right direction.
Ciao Stefan 🙂
- Stefan_Klotz (Cumulonimbus)
Hi Igor,
No, I'm still sure && is correct here. Your requirements are:
- port 80: allow everyone
- all other ports: allow only for "allowed_subnets"
The above-mentioned if-statement checks whether the connection needs to be dropped. And that's the case if the port is NOT 80 AND the source IP is NOT from allowed_subnets. Just give it a try.
Ciao Stefan :)
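
The && versus || question from the replies above, worked through as an added example (not part of the original posts and not F5 code): a Python model of the drop condition checked against the stated requirement. The three subnets and the sample client addresses are constructed placeholders, since the thread does not list the real ones.

```python
import ipaddress

# Constructed stand-ins for the three subnets in the "allowed_subnets" data group.
ALLOWED_SUBNETS = [ipaddress.ip_network(n) for n in
                   ("10.1.0.0/24", "10.2.0.0/24", "192.168.50.0/24")]

def in_allowed(src):
    """True if the client address falls inside any allowed subnet."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in ALLOWED_SUBNETS)

def drop_and(src, port):
    """Condition from the reply: port is NOT 80 AND source is NOT allowed."""
    return port != 80 and not in_allowed(src)

def drop_or(src, port):
    """The || variant, for comparison."""
    return port != 80 or not in_allowed(src)

def required_drop(src, port):
    """Requirement as stated: port 80 for everyone, other ports only for allowed subnets."""
    if port == 80:
        return False
    return not in_allowed(src)

# Constructed sample connections: (client address, destination port).
SAMPLES = [
    ("10.1.0.15", 80), ("10.1.0.15", 8443),
    ("203.0.113.9", 80), ("203.0.113.9", 8443),
]

def mismatches(rule):
    """Connections where the rule's decision differs from the requirement."""
    return [(s, p) for s, p in SAMPLES if rule(s, p) != required_drop(s, p)]

if __name__ == "__main__":
    for src, port in SAMPLES:
        print(f"{src:<12} port {port:<5} "
              f"&&: {'drop' if drop_and(src, port) else 'allow':<5} "
              f"||: {'drop' if drop_or(src, port) else 'allow'}")
    print("&& mismatches:", mismatches(drop_and))
    print("|| mismatches:", mismatches(drop_or))
```

With ||, an allowed subnet loses access to every port except 80, and everyone else loses port 80 as well.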