Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
517
Views
0
Helpful
2
Replies

Disallow Access to users from ALL but one country

ranjtech74
Level 1
Level 1

‎02-18-2008 01:11 PM

Hello,

I have a CSS11501S-k8 unit which we use to load-balance etc our web and file servers. Is it possible for me to configure it in a way such that only users with an IP address from a specific country are let in to the backend web/file servers and users with IP Addresses from all other countries are redirected to another URL where we display them a "friendly" message?

Thanks

\R

Labels:
0 Helpful
2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

‎02-19-2008 01:41 AM

If you know the ip addresses, yes this is possible.

For all the ip that you want to deny, create an ACL to match those ip addresses and use the 'prefer' command to redirect then to a service that would be a redirect.

ie:

service my-redirect

redirect ....

active

acl 1

clause 10 permit any destination content prefer my-redirect

clause 99 permit any any destination any

apply all

Regards,

Gilles.

0 Helpful

ranjtech74
Level 1
Level 1
In response to Gilles Dufour

‎02-19-2008 10:33 PM

Hi Gilles,

thanks so much for the response. I guess that'll solve it except that I'll have to modify your suggestion such that I add the ALL IP ranges for the one country I want to permit and then at a lower priority rule redirect all others. So I'll have to find out all IP ranges for the 'good' country! Can I specify ranges instead of individual IPs? Or can I create a list of some sort and specify all desired IP ranges/subnets etc?

Thanks so much

\R

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card