This section explains the steps to block an IP address or multiple addresses.

A client’s IP address may need to be prevented from accessing an application for several reasons. Likewise, blocking a client’s access can be accomplished in numerous ways. While this article focuses on IP addresses, a client could also be identified by other attributes such as a user name, session cookie, or SSL client certificate.

Blocking a Client IP

Navigate to virtual service Edit > Rules tab > Network Security tab > New Rule.



A network security policy can be used to deny a single IP address or multiple addresses. For large IP lists, consider creating a blocklist as an IP group (Templates > Groups > IP Group). This object can contain extensive lists of IP addresses or network ranges.

An IP group also may be leveraged across multiple virtual-service network security policies. This simplifies adding or removing IP addresses, which can be performed for many applications by changing a single IP group.

DataScript

For finer control, DataScripts may be used to evaluate more criteria before discarding a client connection.

-- Close the connection when the client IP matches the blocked address.
if avi.vs.client_ip() == "10.1.2.3" then
  avi.close_conn()
end
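
One way to combine the IP group described above with a second criterion in a DataScript, as an added example that is not from the original page. The IP group name `blocklist-ipgroup` and the `/admin` prefix are hypothetical, and the script assumes it runs on the HTTP request event with that IP group associated with the DataScript.

```lua
-- Added example (not from the original page). Assumptions, all hypothetical:
--   * runs as an HTTP request event DataScript
--   * an IP group named "blocklist-ipgroup" is attached to the DataScript
--   * only paths under /admin should be closed to blocklisted clients
local client = avi.vs.client_ip()
local path = avi.http.get_path()

-- Criterion 1: the client address is in the shared IP group.
local blocked = avi.ipgroup.contains("blocklist-ipgroup", client)

-- Criterion 2: the request targets the protected path prefix.
-- Plain Lua prefix test; the fourth argument disables pattern matching.
local protected = string.find(path, "/admin", 1, true) == 1

if blocked and protected then
  -- Record the decision before dropping the connection.
  avi.vs.log("blocklist match: " .. client .. " requested " .. path)
  avi.close_conn()
end
```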