Forum Discussion
Stefan_Klotz
Dec 01, 2017
Hi Igor,
sounds like an any VS with an any pool behind, meaning the incoming destination port will just be forwarded to the pool members. And yes, you need an iRule for this, which checks if the destination port is not 80 and the source IP is not one of your three subnets. Then it should drop the connection, else allow it. For more flexibility I recommend using a Data Group List of type address with the name "allowed_subnets" and putting your three subnets in it. Then use an iRule like this (not proven):
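when CLIENT_ACCEPTED {
    # CLIENT_ACCEPTED fires for every accepted connection; HTTP_REQUEST would
    # need an HTTP profile and never fires for non-HTTP traffic on other ports.
    # Drop when the destination port is not 80 AND the client address is not
    # contained in the "allowed_subnets" address data group.
    if { ([TCP::local_port] != 80) && !([class match [IP::client_addr] equals allowed_subnets]) } {
        drop
    }
}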
In case the above-mentioned iRule does not work directly, I hope this points you in the right direction.
Ciao Stefan 🙂
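An offline model of the policy described in the post above, added here as an example and not part of the original post or of any F5 tooling: it evaluates the same drop condition against sample connections so the subnet boundaries and the port 80 exception can be checked before the data group is loaded on the device. The three subnets, the sample connections and all function names are constructed for illustration.

```python
"""Offline model of the access policy in the iRule above (added example)."""
import ipaddress

# Constructed sample subnets standing in for the "allowed_subnets" data group.
ALLOWED_SUBNETS = ["10.10.0.0/16", "192.168.50.0/24", "172.16.8.0/22"]
OPEN_PORT = 80  # the one port reachable from any source


def load_subnets(records):
    """Parse data-group style records (CIDR or bare host address)."""
    return [ipaddress.ip_network(r, strict=False) for r in records]


def decide(client_addr, local_port, subnets):
    """Return 'drop' or 'allow' using the same condition as the iRule."""
    addr = ipaddress.ip_address(client_addr)
    in_group = any(addr.version == n.version and addr in n for n in subnets)
    # Drop only when BOTH hold: port is not 80 AND source is not in the group.
    if local_port != OPEN_PORT and not in_group:
        return "drop"
    return "allow"


def audit(connections, records=ALLOWED_SUBNETS):
    """Evaluate (client_addr, local_port) pairs and return verdict tuples."""
    subnets = load_subnets(records)
    return [(src, port, decide(src, port, subnets)) for src, port in connections]


# Constructed sample connections, including both edges of 172.16.8.0/22.
SAMPLE = [
    ("203.0.113.7", 80),       # outside source, open port
    ("203.0.113.7", 22),       # outside source, restricted port
    ("10.10.4.20", 22),        # allowed subnet, restricted port
    ("172.16.11.255", 3389),   # last address inside the /22
    ("172.16.12.0", 3389),     # first address outside the /22
    ("192.168.50.1", 80),      # allowed subnet, open port
]

if __name__ == "__main__":
    for src, port, verdict in audit(SAMPLE):
        print(f"{src:>15}:{port:<5} -> {verdict}")
```
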