Forum Discussion

Willy
Dec 14, 2016

IP address filter on Virtual RDP server

I am running an LTM/ASM version 11.5.4. Recently an RDP virtual server was set up. The intention is to limit the IP addresses. Only a few IP addresses are allowed access to this VS. The ASM module seems to support only policies for HTTP and HTTPS. Does someone have an alternative to building an iRule that limits the IP addresses?

 

3 Replies

  • Hi Willy,

    you may use one of the iRules below...

    IP::addr based iRule:

    The IP::addr based syntax is ideal, if just a few IPs or Subnets are requiring access (less than 5).

    when CLIENT_ACCEPTED {
        if { ( [IP::addr [IP::client_addr] equals "10.0.0.0/8"] )
          or ( [IP::addr [IP::client_addr] equals "172.16.0.0/12"] )
          or ( [IP::addr [IP::client_addr] equals "192.168.0.0/16"] ) } then {
            # Allow the request
        } else {
            reject
        }
    }
    

    [class] / data-group based iRule:

    The [class] / data-group based syntax is ideal if many IPs or Subnets are requiring access (more than 5).

    iRule:

    when CLIENT_ACCEPTED {
        if { [class match [IP::client_addr] equals DG_ALLOWED_RDP_CLIENTS] } then {
            # Allow the request
        } else {
            reject
        }
    }
    

    Data-Group:

    ltm data-group internal DG_ALLOWED_RDP_CLIENTS {
        records {
            10.0.0.0/8 {}
            172.16.0.0/12 {}
            192.168.0.0/16 {}
        }
        type ip
    }
    

    Cheers, Kai
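A way to dry-run the allowlist offline before the iRule is attached to the RDP virtual server, as an added example that is not part of the original reply: it parses the data-group stanza shown above and reports which client addresses would be allowed or rejected. The function names are hypothetical, and the script assumes that `class match ... equals` on an ip-type data group succeeds when the client address falls inside any record.

```python
import ipaddress
import re

# Constructed sample input: the data-group stanza from the reply above.
SAMPLE_CONFIG = """\
ltm data-group internal DG_ALLOWED_RDP_CLIENTS {
    records {
        10.0.0.0/8 {}
        172.16.0.0/12 {}
        192.168.0.0/16 {}
    }
    type ip
}
"""

def parse_ip_data_group(config_text, name):
    """Return the ip_network objects listed in an ip-type data group stanza."""
    stanza = re.search(
        r"ltm data-group internal %s \{(.*?)\n\}" % re.escape(name),
        config_text, re.S)
    if stanza is None:
        raise ValueError("data group %s not found" % name)
    body = stanza.group(1)
    if not re.search(r"^\s*type\s+ip\s*$", body, re.M):
        raise ValueError("data group %s is not of type ip" % name)
    networks = []
    for key in re.findall(r"^\s*(\S+)\s*\{", body, re.M):
        if key == "records":
            continue
        # strict=True raises on host bits set (e.g. 10.0.0.1/8) or malformed keys.
        networks.append(ipaddress.ip_network(key, strict=True))
    return networks

def dry_run(config_text, name, clients):
    """Map each client address to 'allow' or 'reject' (assumed iRule outcome)."""
    networks = parse_ip_data_group(config_text, name)
    verdicts = {}
    for client in clients:
        addr = ipaddress.ip_address(client)
        inside = any(addr in net for net in networks)
        verdicts[client] = "allow" if inside else "reject"
    return verdicts

if __name__ == "__main__":
    # Constructed test clients, including the edges of 172.16.0.0/12.
    for ip, verdict in dry_run(SAMPLE_CONFIG, "DG_ALLOWED_RDP_CLIENTS",
            ["10.1.2.3", "172.31.255.255", "172.32.0.1", "203.0.113.10"]).items():
        print(ip, verdict)
```

Checking addresses on both sides of each subnet boundary catches a mistyped prefix length before it either locks out a legitimate client or admits an unintended range.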

  • Willy

    Hello Kai,

     

    Thank you for the quick and adequate responses. I will move on with the info received from you.

     

    Thanks, Willy