White/Black List based on Source IP

Access Control List

Access Control Lists (ACLs) can be used both globally and per virtual service. Please see this link for more details on setting up ACLs
https://support.kemptechnologies.com/hc/en-us/articles/202041125-Creating-an-Access-Control-List-ACL-

Note that the LoadMaster cannot apply ACLs to sub virtual services (SubVSs). The two other methods described below, content rules and WAF rules, do work on SubVSs.

Content Rules
A content rule that matches on the source IP address can white-list a single IP or an address range: the rule matches only the addresses you want to admit. If you also select the fail on match option, the same rule behaves as a blacklist, i.e. the listed addresses become the ones that are rejected.

An example of the rule to create is shown below.

Rule Type: Content Matching
Match Type: Regular Expression
Header Field: src-ip

Single address 192.168.10.10
Match String: /^192\.168\.10\.10$/

Address range 192.168.0.0/16
Match String: /^192\.168\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9][0-9]?)\.(25[0-4]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]?)$/


Explaining the Match String /^192\.168\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9][0-9]?)\.(25[0-4]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]?)$/

Start Regex:  /
Start Match:  ^
Match:        192\.168\.
  (25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9][0-9]?)   third octet 0 – 255 (192.168.0 – 192.168.255)
  (25[0-4]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]?)   fourth octet 1 – 254 (192.168.0.1 – 192.168.255.254)
End Match:    $
End Regex:    /

Note that the fourth-octet group starts at 1 and stops at 254, so this Match String does not match 192.168.x.0 or 192.168.x.255. In a /16 those are ordinary host addresses (only 192.168.0.0 and 192.168.255.255 are the network and broadcast addresses), so a client at, say, 192.168.5.0 would be treated as not listed. Because src-ip always contains a well-formed address, the shorter /^192\.168\./ covers the whole 192.168.0.0/16 block with no gaps; the full octet alternation is only needed when the range does not end on an octet boundary.
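As an added example, not part of the Kemp article, the following Python script checks the /16 Match String above against every address it is meant to cover and generates an equivalent anchored regex for any IPv4 CIDR block, so you are not hand-writing octet alternations for a /20 or /22. The function names (range_regex, cidr_to_pattern, mismatches) are this example's own. The patterns use only anchors, character classes and alternation, which any Perl-style engine accepts; wrap the generated pattern in / / when pasting it into the Match String field.

```python
import ipaddress
import re

# The /16 Match String from the article, without its / / delimiters.
PAGE_RANGE_PATTERN = (r"^192\.168\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9][0-9]?)"
                      r"\.(25[0-4]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]?)$")


def _digits(lo: int, hi: int) -> str:
    """Single-digit range: '5' or '[3-7]'."""
    return str(lo) if lo == hi else f"[{lo}-{hi}]"


def _group(expr: str) -> str:
    """Parenthesise an alternation so a suffix or anchor applies to every branch."""
    return f"({expr})" if "|" in expr else expr


def range_regex(lo: int, hi: int) -> str:
    """Alternation matching every integer lo..hi in decimal without leading
    zeros, e.g. range_regex(16, 31) == '1[6-9]|2[0-9]|3[0-1]'."""
    if lo == hi:
        return str(lo)
    if len(str(lo)) != len(str(hi)):          # split at the 9/10 or 99/100 boundary
        cut = 10 ** len(str(lo)) - 1
        return range_regex(lo, cut) + "|" + range_regex(cut + 1, hi)
    if lo < 10:
        return _digits(lo, hi)
    lo_head, hi_head = lo // 10, hi // 10      # leading digits
    if lo_head == hi_head:                     # e.g. 250..255 -> 25[0-5]
        return str(lo_head) + _digits(lo % 10, hi % 10)
    parts = []
    if lo % 10 != 0:                           # ragged start, e.g. 16..19
        parts.append(str(lo_head) + _digits(lo % 10, 9))
        lo_head += 1
    tail = None
    if hi % 10 != 9:                           # ragged end, e.g. 30..31
        tail = str(hi_head) + _digits(0, hi % 10)
        hi_head -= 1
    if lo_head <= hi_head:                     # whole decades in between
        parts.append(_group(range_regex(lo_head, hi_head)) + "[0-9]")
    if tail:
        parts.append(tail)
    return "|".join(parts)


def cidr_to_pattern(cidr: str) -> str:
    """Anchored regex for an IPv4 CIDR block, built octet by octet.  Inside a
    CIDR block only one octet is a partial range and every octet after it runs
    0..255, so a per-octet product is exact.  Wrap the result in / / for the
    LoadMaster Match String field."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    first, last = int(net.network_address), int(net.broadcast_address)
    octets = []
    for shift in (24, 16, 8, 0):
        lo, hi = (first >> shift) & 0xFF, (last >> shift) & 0xFF
        octets.append(_group(range_regex(lo, hi)))
    return "^" + r"\.".join(octets) + "$"


def mismatches(pattern: str, cidr: str, probe: str) -> tuple[list[str], list[str]]:
    """Run the pattern over every address in `probe` (a block surrounding the
    target) and return (addresses inside `cidr` it misses, addresses outside
    `cidr` it wrongly accepts).  Both lists empty means the regex is exact."""
    rx = re.compile(pattern)
    target = ipaddress.IPv4Network(cidr, strict=False)
    missed, leaked = [], []
    for addr in ipaddress.IPv4Network(probe, strict=False):
        hit = rx.search(str(addr)) is not None
        if addr in target and not hit:
            missed.append(str(addr))
        elif addr not in target and hit:
            leaked.append(str(addr))
    return missed, leaked


if __name__ == "__main__":
    missed, leaked = mismatches(PAGE_RANGE_PATTERN, "192.168.0.0/16", "192.168.0.0/15")
    print(f"article /16 pattern: misses {len(missed)} hosts (e.g. {missed[0]}, "
          f"{missed[1]}), leaks {len(leaked)}")
    for block in ("192.168.10.10/32", "192.168.0.0/16", "10.1.16.0/20"):
        print(f"{block:>17}  /{cidr_to_pattern(block)}/")
```

Running it reports that the article's /16 pattern misses 512 hosts (every .0 and .255 address) and leaks none, while the generated patterns for a /32, a /16 and a /20 are exact against the surrounding block. The /32 output is the same `^192\.168\.10\.10$` the article gives for a single address.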

WAF
Finally, you can use custom WAF rules to allow or deny clients based on their IP address, as shown below. Two points to keep in mind when writing them:

  • A bare string in a SecRule is treated as a regular expression (the default @rx operator), so "192.168.10.10" would also match 192.168.10.100 through 192.168.10.109, and each dot matches any character. Use the @ipMatch operator for both single addresses and CIDR ranges; it compares the client address numerically.
  • The rule with the "\." pattern is the catch-all that gives the list its default. It only matches dotted IPv4 addresses: if the virtual service serves IPv6 clients, REMOTE_ADDR contains no dot and the catch-all never fires. @unconditionalMatch always matches and is the safer catch-all.

Also note that "allow" with no argument stops rule processing in every remaining phase, so a client that hits an allow rule bypasses the rest of the WAF rule set; use "allow:phase" if you only want to skip the deny rule in phase 1. Rule IDs must be unique within the loaded rule set, so load only one of the four rule pairs below, or renumber them.

Whitelist for Single IP (192.168.10.10)

  • SecRule REMOTE_ADDR "@ipMatch 192.168.10.10" "id:'101',phase:1,t:none,allow,log,msg:'IP Allow Rule'"
  • SecRule REMOTE_ADDR "\." "id:'99999',phase:1,t:none,deny,log,msg:'IP Deny Rule'"

Whitelist for an IP Range (192.168.10.0/24)

  • SecRule REMOTE_ADDR "@ipMatch 192.168.10.0/24" "id:'101',phase:1,t:none,allow,log,msg:'IP Allow Rule'"
  • SecRule REMOTE_ADDR "\." "id:'99999',phase:1,t:none,deny,log,msg:'IP Deny Rule'"

Blacklist for Single IP (192.168.10.10)

  • SecRule REMOTE_ADDR "@ipMatch 192.168.10.10" "id:'101',phase:1,t:none,deny,log,msg:'IP Deny Rule'"
  • SecRule REMOTE_ADDR "\." "id:'99999',phase:1,t:none,allow,log,msg:'IP Allow Rule'"

Blacklist for an IP Range (192.168.10.0/24)

  • SecRule REMOTE_ADDR "@ipMatch 192.168.10.0/24" "id:'101',phase:1,t:none,deny,log,msg:'IP Deny Rule'"
  • SecRule REMOTE_ADDR "\." "id:'99999',phase:1,t:none,allow,log,msg:'IP Allow Rule'"
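As an added example, not from the Kemp article, here is a small Python model of how ModSecurity evaluates a pair of phase-1 rules like the ones above: the default @rx operator is an unanchored regex search, @ipMatch is numeric address/CIDR membership, and @unconditionalMatch always fires. It runs the single-IP whitelist pair with the allow rule written as a bare string (so @rx) and a dot catch-all, next to a hardened pair using @ipMatch and @unconditionalMatch, against a constructed set of client addresses. The mini-engine, its rule tuples and the function names are this example's own simplification, not the ModSecurity API.

```python
import ipaddress
import re

# Each rule is (operator, argument, disruptive action).  All are phase 1 and
# are evaluated top to bottom, like SecRule lines in a ModSecurity config.
# This is a deliberately small model of the engine, not its real API.
Rule = tuple[str, str, str]


def op_rx(pattern: str, remote_addr: str) -> bool:
    """Default operator when a SecRule gives a bare string: unanchored regex."""
    return re.search(pattern, remote_addr) is not None


def op_ip_match(arg: str, remote_addr: str) -> bool:
    """@ipMatch: numeric membership in a comma-separated list of IPs/CIDRs."""
    addr = ipaddress.ip_address(remote_addr)
    for item in arg.split(","):
        net = ipaddress.ip_network(item.strip(), strict=False)
        if addr.version == net.version and addr in net:
            return True
    return False


OPERATORS = {
    "rx": op_rx,
    "ipMatch": op_ip_match,
    "unconditionalMatch": lambda _arg, _addr: True,
}


def decide(rules: list[Rule], remote_addr: str) -> str:
    """Return the first disruptive action whose rule matches, or 'pass' when
    no rule fires and the request continues into the rest of the rule set."""
    for operator, argument, action in rules:
        if OPERATORS[operator](argument, remote_addr):
            return action
    return "pass"


# Single-IP whitelist with the allow rule as a bare string (so @rx) and a
# deny catch-all that only matches addresses containing a dot.
WHITELIST_AS_WRITTEN: list[Rule] = [
    ("rx", "192.168.10.10", "allow"),
    ("rx", r"\.", "deny"),
]

# Hardened pair: exact address match and a catch-all that fires for any client.
WHITELIST_HARDENED: list[Rule] = [
    ("ipMatch", "192.168.10.10", "allow"),
    ("unconditionalMatch", "", "deny"),
]

# Constructed client addresses for the demonstration.
CLIENTS = ["192.168.10.10", "192.168.10.105", "10.0.0.1", "2001:db8::1"]


def compare(clients: list[str] = CLIENTS) -> dict[str, tuple[str, str]]:
    """Map each client to (decision as written, decision hardened)."""
    return {c: (decide(WHITELIST_AS_WRITTEN, c), decide(WHITELIST_HARDENED, c))
            for c in clients}


if __name__ == "__main__":
    for client, (written, hardened) in compare().items():
        print(f"{client:>16}  as written: {written:5}  hardened: {hardened}")
```

The run shows the two failure modes: 192.168.10.105 is allowed by the bare-string rule because "192.168.10.10" is an unanchored substring of it, and the IPv6 client 2001:db8::1 is neither allowed nor denied by the dot catch-all, so it simply passes on to whatever rules follow. The hardened pair allows only the exact address and denies everything else.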