Forum Discussion

Altostratus

Dec 01, 2017

Virtual Server to pool with 3 source IPs on all ports and everyone else on 1 port

Hello, I am trying to build a virtual server which allows 3 specific source network subnet addresses to a pool on all ports, while allowing everyone else access on port 80 only. It seems like I will ...

Cumulonimbus

Dec 01, 2017

Hi Igor,

sounds like an any VS with an any pool behind, meaning the incoming destination port will just be forwarded to the poolmembers. And yes you need an iRule for this, which checks if the destination port is not 80 and the sourceIP is not one of your three subnets. Then it should drop the connection, else allow it. For more flexibility I recommend to use a Data Group List from type address with name "allowed_subnets" and put your three subnets in it. Then use an iRule like this (not proven):

when HTTP_REQUEST {
    if { ([TCP::local_port] ne 80) && ([class match [IP::client_addr] ne "allowed_subnets"]) } {
        drop
    }
}

In case above mentioned iRules does not work directly, I hope this points you in the right direction.

Ciao Stefan 🙂

Forum Discussion

Virtual Server to pool with 3 source IPs on all ports and everyone else on 1 port

Recent Discussions

Rundeck ansible F5 errors

What is the meaning is 52% block in WAF

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Related Content

Check a Virtual Server's SSL Status

'Monitoring for Everyone' Next Time on DevCentral Connects

Virtual Server graphical App for F5 LTM

virtual server config

Reviewing vulnerability scanner results for an Access Policy Manager (APM) protected Virtual Server