Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How can I whitelist ip range with the traffic manager?

SOLVED
Go to solution
Highlighted
srossan
New Contributor
‎10-11-2013 10:59:AM
‎10-11-2013 10:59:AM

How can I whitelist ip range with the traffic manager?

I'm in the process to setup an app accessible from the internet. I need to allow traffic from various ip range to this app (which is an API) and decline any other traffic.

Is there an easy way to do it?

I know I can use the embedded WAF to achieve that, but would like to know if I can do it with traffic script.

Thanks in advance,

-S. Rossan

0 Kudos
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
aclarke
Frequent Contributor
‎11-18-2013 03:52:PM
‎11-18-2013 03:52:PM

Re: Re: How can I whitelist ip range with the traffic manager?

For completeness sake, here is a working sample of an ipmaskmatch script used to whitelist upstream SMTP servers:


$client = request.getremoteip();


if( string.ipmaskmatch($client, "216.146.32.0/23" ) == 0 ) { #IP range of Dyndns MX that are our upstream filters



  log.info( "Dropped SMTP connection from untrusted IP: <" . $client . ">" );


  connection.discard();


else {

  log.info( "Permitted SMTP connection from trusted IP: <" . $client . ">" );

        }

--
Aidan Clarke
Pulse Secure vADC Product Manager

View solution in original post

0 Kudos
Reply
3 REPLIES 3
Highlighted
owen
Frequent Contributor
‎10-11-2013 04:14:PM
‎10-11-2013 04:14:PM

Re: How can I whitelist ip range with the traffic manager?

Take a look at Stingray's Service Protection policies; they may do what you need (I can't recall if they can block-all and whitelist some).

Otherwise a simple trafficscript request rule will do what you need:


$allowed = [

  "192.168.1.1",

  "92.27.24.216",

  "131.111.131.1",

  "8.8.8.8" ];


if( ! array.contains( $allowed, request.getRemoteIP() ) {

  http.sendResponse( "401 Not Authorised", "text/plain", "", "" );

}

If you'd like to match the client IP against IP subnets, then the easiest strategy would be to list these in the array and iterate through the array, testing the IP against each array element using string.ipmaskmatch( $ip, $element );

Reply
Highlighted
srossan
New Contributor
‎10-17-2013 05:17:PM
‎10-17-2013 05:17:PM

Re: How can I whitelist ip range with the traffic manager?

It was very helpful but as you mentioned, working with single ip only.

I couldn't figure how to use the ipmaskmatch command. So, I achieve what I was looking for with the Application Firewall.

Thanks for the help anyway.

0 Kudos
Reply
Highlighted
aclarke
Frequent Contributor
‎11-18-2013 03:52:PM
‎11-18-2013 03:52:PM

Re: Re: How can I whitelist ip range with the traffic manager?

For completeness sake, here is a working sample of an ipmaskmatch script used to whitelist upstream SMTP servers:


$client = request.getremoteip();


if( string.ipmaskmatch($client, "216.146.32.0/23" ) == 0 ) { #IP range of Dyndns MX that are our upstream filters



  log.info( "Dropped SMTP connection from untrusted IP: <" . $client . ">" );


  connection.discard();


else {

  log.info( "Permitted SMTP connection from trusted IP: <" . $client . ">" );

        }

--
Aidan Clarke
Pulse Secure vADC Product Manager

View solution in original post

0 Kudos
Reply
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.