Forum Discussion
2 Replies
Sort By
- Andy_McGrathCumulonimbus
Simply iRule assigned to the Virtual Server would do it:
when HTTP_REQUEST { if {[HTTP::host] == "app2.test.com" && [IP::addr [IP::client_addr] equals 10.10.10.100]} { drop } }
Could also look to do the same with an LTM Policy:
ltm policy ExampleDropPolicy { controls { forwarding } requires { http tcp } rules { dropTraffic { actions { 0 { forward reset } } conditions { 0 { tcp address matches values { 10.10.10.10 } } 1 { http-host host values { app2.test.com } } } } } strategy first-match }
- youssef1Cumulonimbus
Hi,
First of create first of all, you have to create as many datagroup as you have from hostname to filtered. Example:
DG1: dg-blocked-app1.test.com Type:Address Address : 10.10.10.100 Value: mycustomer DG2: dg-blocked-app2.test.com Type:Address Address : empty Value: DG3: dg-blocked-app3.test.com Type:Address Address : empty Value:
Then use this simple Irule (it is important to respect case in DG creaction: tolower because as you can noticed below, you DG in the irule is create dynamcly depending the hostname that you enter)
when HTTP_REQUEST { set envhost [string tolower [HTTP::host]] if { [class match [IP::client_addr] equals dg-blocked-$envhost]} { reject } }
Next you can manage how will be blocked by setting these IP in concerned DG.
Hope it help you, let me now.
Regards