Any ideas how i can use the most optimum way to block external IP address to be able to access a page on our VIP
External IP Address : Non-RFC 1518 IP addressesInternal: 10.0.0.0/8 (the following page should be available to an internal network
URI to block: /serverpage.html from external network, but it should be available
VIP is redirected to HTTPS
I am able to block the pages from everywhere, but selective Subnet block does not seem to work..
class-map type http loadbalance match-all MATCH_TST-AP-SS 20 match http url /.../serverpage.html
class-map type http loadbalance match-all MATCH_TST-AP-SS-int 10 match http url /.../serverpage.html 25 match source-address 10.0.0.0 255.0.0.0
policy-map type loadbalance first-match LBPOLICY_TST-AP
class MATCH_TST-AP-SS-int compress default-method gzip sticky-serverfarm STKYFRM_TEST-AP action HEADER_REWRITE_1
class MATCH_TST-AP-SS drop
class class-default compress default-method gzip sticky-serverfarm STKYFRM_TEST-AP action HEADER_REWRITE_1
policy-map multi-match LBZ_TST_APP class HTTPS-VIP-APP-TEST loadbalance vip inservice loadbalance policy LBPOLICY_TST-AP loadbalance vip icmp-reply active appl-parameter http advanced-options HTTP_PERSIST ssl-proxy server SSL_APP-TEST
If anybody have an idea of how to do it.. ?
So users from 10.0.0.0 are getting access but so is everyone else, is what you want to say or everyone is getting access but not 10.0.0.0?
Which class is getting hit? When user comes, do you see which L7 class is he getting a match on?
You can do show service-policy <policy name> <class name>.
According to the above configuration, any user other than subnet range 10.x.x.x should be dropped.
It does not work... with the above configuration is not accessible from anywhere (that is good) but i want to have it accessible from 10.0.0.0/x network and not from external. (more better)..
Do you see which class is getting hit when you come from src 10.0.x.x network? If you remove both the below classes, does it work?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: