Application Delivery (ADX)

Regular Visitor
Posts: 1
Registered: ‎05-22-2013

source IP address filtering in regard to different urls

Hello!

Is there any way to configure source IP address filtering in regard to different urls without implementing ACLs?

For example, we have two client subnets, 10.0.0.0/24 and 172.16.0.64/26. We also have two different resources on one real server, 192.168.0.100/24: "/for10" on port 80 and "/for172" on port 8080. VIP - 192.168.0.1.

So, we want to give access to 192.168.0.100:80/for10 for users from 10.0.0.0/24 only, and to 192.168.0.100:80/for172 for users from 172.16.0.64/26 only.

Thank you!

Brocadian
Posts: 70
Registered: ‎03-14-2009

Re: source IP address filtering in regard to different urls

Hi Akanin,

You can use OpenScript to achieve what you want.

Keep in mind to use a default "RST" if none of the client subnets match.

Actually, I do not have an example script to help with.

Alex

Contributor
Posts: 47
Registered: ‎07-14-2010

Re: source IP address filtering in regard to different urls

When you can distinguish the destination real server based on port number, 80 and 8080, we may not need to look into /for10 and /for172. In that case, using PBSLB (Policy Based SLB) is enough to meet your requirement.

If PBSLB does not meet your requirement, we can write an OpenScript for you, but your use case is in fact covered in the following PPT slide deck, page 20, so it is easy to start from there.

http://community.brocade.com/docs/DOC-3198

----------------
server pbslb enable-config-gen
server pbslb default-group-id ipv4 1
server pbslb add 10.0.0.0/24 1
server pbslb add 172.16.0.64/26 2

server real rs11 192.168.0.100
 port http
 port http keepalive
 port http url "HEAD /"
 port http group-id  1 1
 port 8080
 port 8080 keepalive
 port 8080 group-id  2 2
 port 8080 url "HEAD /"

server virtual vs11 192.168.0.1
 port http
 port http sw-l4-pbslb
 bind http rs11 http
 bind http rs11 8080
----------------

Thanks.

//Kono
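
A small Python model of the PBSLB mapping in the configuration above, added here as an illustration; it is not from the post or from Brocade documentation. It shows which real-server port each client source address resolves to, including sources that match neither subnet. Assumptions: an unmatched source falls into the default group, the most specific prefix wins, and `group-id` takes an inclusive min/max range; the sample addresses are constructed.

```python
import ipaddress

# Values copied from the configuration in the post above.
PBSLB_ENTRIES = [("10.0.0.0/24", 1), ("172.16.0.64/26", 2)]
DEFAULT_GROUP = 1  # "server pbslb default-group-id ipv4 1"
# (real server, port) -> inclusive range from "port <p> group-id <min> <max>"
REAL_PORT_GROUPS = {("rs11", 80): (1, 1), ("rs11", 8080): (2, 2)}


def group_for(src_ip, entries=PBSLB_ENTRIES, default=DEFAULT_GROUP):
    """Return (group_id, matched_prefix); matched_prefix is None when
    no entry matched and the default group was used.
    Modelling assumption: the most specific matching prefix wins."""
    addr = ipaddress.ip_address(src_ip)
    best = None
    for prefix, gid in entries:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gid)
    if best is None:
        return default, None
    return best[1], str(best[0])


def backends_for(src_ip, default=DEFAULT_GROUP):
    """List the (real, port) pairs whose group-id range contains the
    group this source address resolves to."""
    gid, _ = group_for(src_ip, default=default)
    return sorted(rp for rp, (lo, hi) in REAL_PORT_GROUPS.items()
                  if lo <= gid <= hi)


def audit(samples, default=DEFAULT_GROUP):
    """Resolve each sample source and flag the ones that only got a
    backend because the default group applied."""
    report = {}
    for ip in samples:
        gid, matched = group_for(ip, default=default)
        report[ip] = {"group": gid, "via_default": matched is None,
                      "backends": backends_for(ip, default=default)}
    return report


if __name__ == "__main__":
    # Constructed samples: one inside each subnet, one just past the
    # end of the /26 (which covers .64 to .127), one unrelated address.
    samples = ["10.0.0.25", "172.16.0.70", "172.16.0.130", "203.0.113.9"]
    for ip, row in audit(samples).items():
        print(ip, row)
```

In this model, sources outside both subnets resolve to group 1 and therefore to port 80, which is the case to check against the "users from 10.0.0.0/24 only" requirement in the question.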
