vADC Forum

New Contributor
Posts: 2
Registered: ‎10-11-2013
Accepted Solution

How can I whitelist ip range with the traffic manager?

I'm in the process of setting up an app accessible from the internet. I need to allow traffic from various IP ranges to this app (which is an API) and decline any other traffic.

Is there an easy way to do it?

I know I can use the embedded WAF to achieve that, but would like to know if I can do it with TrafficScript.

Thanks in advance,

-S. Rossan

Frequent Contributor
Posts: 321
Registered: ‎11-29-2012

Re: How can I whitelist ip range with the traffic manager?

Take a look at Stingray's Service Protection policies; they may do what you need (I can't recall if they can block-all and whitelist some).

Otherwise a simple TrafficScript request rule will do what you need:


$allowed = [
  "192.168.1.1",
  "92.27.24.216",
  "131.111.131.1",
  "8.8.8.8" ];

# Reject any client whose IP is not in the list
if( ! array.contains( $allowed, request.getRemoteIP() ) ) {
  http.sendResponse( "401 Not Authorised", "text/plain", "", "" );
}


If you'd like to match the client IP against IP subnets, then the easiest strategy would be to list these in the array and iterate through the array, testing the IP against each array element using string.ipmaskmatch( $ip, $element );

New Contributor
Posts: 2
Registered: ‎10-11-2013

Re: How can I whitelist ip range with the traffic manager?

It was very helpful, but as you mentioned, it works with single IPs only.

I couldn't figure out how to use the ipmaskmatch command. So, I achieved what I was looking for with the Application Firewall.

Thanks for the help anyway.

Brocadian
Posts: 232
Registered: ‎11-29-2012

Re: Re: How can I whitelist ip range with the traffic manager?

For completeness' sake, here is a working sample of an ipmaskmatch script used to whitelist upstream SMTP servers:


$client = request.getremoteip();

# IP range of Dyndns MX that are our upstream filters
if( string.ipmaskmatch( $client, "216.146.32.0/23" ) == 0 ) {
  # Client is outside the trusted range: log it and drop the connection
  log.info( "Dropped SMTP connection from untrusted IP: <" . $client . ">" );
  connection.discard();
} else {
  log.info( "Permitted SMTP connection from trusted IP: <" . $client . ">" );
}
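
The two replies above combined for the original HTTP API case, as an added example that is not from any poster in this thread: an array of CIDR ranges is iterated and each element tested with string.ipmaskmatch, and anything that matches no range is rejected. The ranges are constructed placeholders (documentation address blocks), and the 403 status and log wording are choices made for this example.

```trafficscript
# Constructed allow-list: documentation address ranges, not real clients.
# Replace with the ranges that are allowed to reach the API.
$allowed = [
  "192.0.2.0/24",
  "198.51.100.0/25",
  "203.0.113.10/32"    # a single host, written as a /32
];

$ip = request.getRemoteIP();
$permitted = 0;

# Default deny: the request passes only if some range matches.
foreach( $range in $allowed ) {
  if( string.ipmaskmatch( $ip, $range ) ) {
    $permitted = 1;
    break;
  }
}

if( ! $permitted ) {
  # Log the rejection so blocked sources can be reviewed later
  log.info( "Rejected API request from non-allow-listed IP: <" . $ip . ">" );
  http.sendResponse( "403 Forbidden", "text/plain", "", "" );
}
```

request.getRemoteIP() returns the address of the TCP peer, so if another proxy, load balancer or NAT device sits in front of the traffic manager, the rule sees that device's address rather than the original client's.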

