K42075438: Restricting access to a virtual server by IP subnet
Description
You can restrict access to a virtual server based on the IP address of the client. If you want to allow access only from a specific IP address or network, you
can configure the Source Address setting for the virtual server with the allowed IP addresses. If you want to block certain client IP addresses or
networks, you can specify the IP addresses to block using local traffic policies, iRules, or packet filters. To do so, perform the following procedures as
needed:
Prerequisites
You must meet the following prerequisite to use this procedure:
Procedures
Configuring allowed client IP addresses for a virtual server
Restricting access based on client IP addresses using local traffic policies
Restricting access based on client IP addresses using iRules
Restricting access based on client IP addresses using packet filters
Note: When the Source Address setting is configured, the BIG-IP system resets any connection attempts from client IP addresses that do not match the
configured addresses.
Impact of procedure: The BIG-IP system denies access to the virtual server if the configuration is incorrect for your environment.
Note: The following example policies reset the connection after the three-way TCP handshake completes if the client IP address matches.
Impact of procedure: The BIG-IP system denies access to the virtual server if the rule configuration is incorrect for your environment.
17. Under Do the following when traffic is matched, select + to expand the settings.
18. Create the following directive:
Reset traffic connection at client accepted time.
BIG-IP 12.x
11. Under Do the following when traffic is matched, select + to expand the settings.
12. Select Reset traffic.
13. Select Save.
14. Select the down arrow next to Save Draft and select the Save and Publish Policy button.
15. Go to Local Traffic > Virtual Servers.
16. Under Resources for the virtual server, select Edit.
17. Under Policies, select Manage.
18. In the Available list, select the name of the policy and move it to the Enabled list.
19. Select the Finished button.
Impact of procedure: The BIG-IP system denies access to the virtual server if the rule configuration is incorrect for your environment.
when CLIENT_ACCEPTED {
    # Drop the connection when the client IP matches a record in the data group.
    if { [class match [IP::client_addr] eq <datagroup_name>] } {
        log local0. "Dropped connection: client IP [IP::client_addr] is blacklisted."
        drop
    }
}
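The impact note for this procedure warns that a wrong rule denies access to the virtual server. The following Python check is an added example, not part of the F5 article: it audits a candidate blocklist before it is loaded into the data group the iRule references. It assumes an address-type data group whose records are hosts or CIDR networks matched by containment; the records, the required clients and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation and private ranges, not from the article).
SAMPLE_RECORDS = ["203.0.113.0/24", "198.51.100.7", "10.0.0.0/8"]
MUST_ALLOW = ["10.20.30.5", "192.0.2.0/24"]  # e.g. a health monitor and an admin subnet


def parse_records(records):
    """Parse data group address records (host or CIDR) into network objects."""
    nets = []
    for rec in records:
        # strict=False tolerates a typed record with host bits set (10.1.2.3/24).
        nets.append(ipaddress.ip_network(rec.strip(), strict=False))
    return nets


def would_drop(client_ip, nets):
    """Return the first record that contains client_ip, or None if it passes."""
    addr = ipaddress.ip_address(client_ip)
    for net in nets:
        if addr.version == net.version and addr in net:
            return net
    return None


def audit_blocklist(records, must_allow):
    """List (required, record) pairs where a record would cut off a required client."""
    nets = parse_records(records)
    conflicts = []
    for entry in must_allow:
        required = ipaddress.ip_network(entry, strict=False)
        for net in nets:
            # overlaps() also catches a record that covers only part of a subnet.
            if required.version == net.version and required.overlaps(net):
                conflicts.append((str(required), str(net)))
    return conflicts


if __name__ == "__main__":
    for required, record in audit_blocklist(SAMPLE_RECORDS, MUST_ALLOW):
        print(f"CONFLICT: required client {required} is covered by record {record}")
    nets = parse_records(SAMPLE_RECORDS)
    for ip in ("203.0.113.9", "192.0.2.10"):
        hit = would_drop(ip, nets)
        print(f"{ip}: {'dropped by ' + str(hit) if hit else 'allowed'}")
```

Run it against the exported record list and the addresses that must keep access; any reported conflict should be resolved before the data group is attached to the iRule.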
Impact of procedure: The BIG-IP system denies access to the virtual server if the packet filter configuration is incorrect for your environment.
Supplemental Information
K19823081: Mitigating UDP flood using the BIG-IP packet filter
K46122561: Restricting access to the management port using network firewall rules