Forum Discussion
rsacheen
Apr 10, 2017Nimbostratus
How do you like to modify your iRule? The code snippet you have provided looks fine syntax wise, but it blocks access from IP's in your AllowList. How about something like this:-
when HTTP_REQUEST {
if { [HTTP::uri] equals "/en_US/HHCM" && !([IP::addr [IP::client_addr] equals AllowList]) } {
log output
reject
} else {
Send traffic to your desired server pool
}
}
Just an example. Correct me if I misunderstood your query.
Connection from client IP's [IP::client_addr] that are not in your data group(AllowList) gets blocked.
- parvez_70211Apr 10, 2017Nimbostratus
But I would need to block actual client IP based on HTTP-X-Forwarded IP and not at [IP::client_addr]. So I would need to extract the IP present on the header first and then match against our allowed IP data group.
- parvez_70211Apr 10, 2017Nimbostratus
Connection from client IP's that are not in your data group(AllowList) gets blocked. - correct
- rsacheenApr 10, 2017Nimbostratus
This might help. Looks like something you are looking for. Have a look!
https://devcentral.f5.com/questions/blocking-x-forwarded-for-ip-adddress