Charles_Harris
Feb 02, 2007 | Nimbostratus
Internal Access Control via iRules.
Hi,
We have a requirement to control internal access to one of our services hosted behind a local VIP. I've mangled together the following (working) iRule, but wondered if an expert could cast an eye and let me know of potential problems...
My concern is that the authorized client class (TST_ACL_DATA) could become very large (1000+) and I wondered if there was a better way of achieving the same result.
Thanks in advance!
-=ChaZ=-
-------------SNIP-------------
class TST_ACL_DATA {
    "10.0.0.1"
    "10.0.0.2"
    "10.0.0.3"
}

when CLIENT_ACCEPTED {
    # Reject any client whose source address is not listed in TST_ACL_DATA
    if {![matchclass [IP::remote_addr] eq $::TST_ACL_DATA]} {
        log "Unauthorized connection attempted from [IP::remote_addr]"
        reject
    } else {
        # Listed clients are logged and allowed through
        log "Client Accepted [IP::remote_addr]"
    }
}
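
On the list-size concern raised in the post, the following is an added example (not part of the original post or of any F5 tooling): a Python helper that collapses a list of individual host addresses into the smallest set of networks covering exactly the same addresses, plus a membership check. The function names and the sample addresses beyond the three in the post are constructed; whether the class on the device can hold network entries is an assumption.

```python
import ipaddress


def collapse_allowlist(hosts):
    """Collapse host/network strings into the minimal equivalent network list.

    Only exactly contiguous ranges are merged, so the set of permitted
    addresses is unchanged. Malformed entries raise ValueError rather than
    being skipped, so a typo cannot silently drop or widen an ACL entry.
    """
    by_version = {4: [], 6: []}
    for entry in hosts:
        net = ipaddress.ip_network(entry.strip())  # bare host -> /32 or /128
        by_version[net.version].append(net)
    collapsed = []
    for version in (4, 6):  # collapse_addresses() cannot mix IP versions
        collapsed.extend(ipaddress.collapse_addresses(by_version[version]))
    return collapsed


def covered_addresses(networks):
    """Total number of addresses permitted by the network list."""
    return sum(net.num_addresses for net in networks)


def is_allowed(client, networks):
    """Address-aware equivalent of the iRule's allowlist lookup."""
    addr = ipaddress.ip_address(client)
    return any(addr.version == net.version and addr in net for net in networks)


if __name__ == "__main__":
    # The three entries from the post, then a constructed 1024-host list.
    small = collapse_allowlist(["10.0.0.1", "10.0.0.2", "10.0.0.3"])
    print([str(n) for n in small])

    big_hosts = ["10.0.%d.%d" % (i // 256, i % 256) for i in range(1024)]
    big = collapse_allowlist(big_hosts)
    print(len(big_hosts), "hosts ->", [str(n) for n in big])
    print("10.0.3.255 allowed:", is_allowed("10.0.3.255", big))
    print("10.0.4.0 allowed:", is_allowed("10.0.4.0", big))
```

Comparing the address count before and after collapsing confirms the shorter list does not permit any client the original did not.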