Forum Discussion

Nolan_Jensen's avatar
Nolan_Jensen
Icon for Cirrostratus rankCirrostratus
Oct 19, 2021

APM IP Subnet Match - single IP list

Hello, I am trying to figure out the best way to reference a single list of IP's in a few different access policies. Having this would allow me to just maintain one subnet match list and when upd...
  • spalande's avatar
    Oct 21, 2021

    You can create a macro. In macro, select the server side security and IP subnet match for user's range. Call that macro in VPE.

     

    For other option of iRule, you can use something like below

     

    when ACCESS_POLICY_AGENT_EVENT {
        if { ([ACCESS::policy agent_id] eq "match") and (class match [IP::client_addr] equals kerberos_apm_subnet_match])}{
        ACCESS::session data set session.custom.ip 0
     	} else {
    	ACCESS::session data set session.custom.ip 1
    	}
     }

     

    event ID should be "match" and expression should be "expr { [mcget {session.custom.ip}] == 0 }" to match the user subnet