Justin_S
Apr 11, 2014 - Nimbostratus
GeoIP Whitelist iRule
I have been working on a GeoIP whitelist rule to filter traffic to a website. I created a very basic rule but it's not scalable and even less efficient. What I am trying to accomplish is referencing a data group allowed_country that I can add country codes to in order to allow access. Also, I do not want to block traffic from RFC1918 private IP space, so I would also want to add those. Any suggestions or assistance would be much appreciated.
when CLIENT_ACCEPTED {
    # Note: this compares the country code against the literal string
    # "allowed_country", not against the contents of a data group.
    if { [whereis [IP::client_addr] country] eq "allowed_country" } {
        # do nothing
    } elseif { [IP::addr [IP::client_addr] equals 10.0.0.0/8] } {
        # do nothing, send to default pool
    } elseif { [IP::addr [IP::client_addr] equals 172.16.0.0/12] } {
        # do nothing
    } else {
        reject
    }
}
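
One way to write the rule the post asks for, as an added example that is not part of the original post. It assumes `allowed_country` is a string data group whose keys are the two-letter country codes returned by `whereis ... country` (for example US or CA), and it checks all three RFC1918 ranges explicitly.

```tcl
# Added example, not the poster's code.
# Assumption: allowed_country is a string data group keyed by two-letter
# country code (constructed sample contents: US, CA, GB).
when CLIENT_ACCEPTED {
    set client_ip [IP::client_addr]

    # Private address space is not expected to resolve to a country,
    # so exempt it before doing the GeoIP lookup.
    if { [IP::addr $client_ip equals 10.0.0.0/8] ||
         [IP::addr $client_ip equals 172.16.0.0/12] ||
         [IP::addr $client_ip equals 192.168.0.0/16] } {
        return
    }

    set country [whereis $client_ip country]

    # Exact-match lookup in the data group. An empty or unknown country
    # code will not match any key, so the rule fails closed.
    if { [class match -- $country equals allowed_country] } {
        return
    }

    # One log line per rejected connection; remove or rate-limit this
    # on busy virtual servers.
    log local0.info "GeoIP whitelist: rejected $client_ip (country '$country')"
    reject
}
```

Adding or removing a country then only means editing the data group, with no change to the iRule itself.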