This section explains the steps to block an IP address or multiple addresses.
A client’s IP address may need to be prevented from accessing an application for several reasons. Likewise, blocking a client’s access can be accomplished in numerous ways. While this article focuses on IP addresses, a client also could be identified based on other identifiers such as a user name, session cookie, or SSL client certificate.
Blocking a Client IP
Navigate to virtual service
. A network security policy can be used to deny a single IP address or multiple addresses. For large IP lists, consider creating a blocklist (
. This object can contain extensive lists of IP addresses or network ranges. An IP group may also be used across multiple virtual-service network security policies. This simplifies adding or removing IP addresses, which can be performed for many applications by changing a single IP group.
DataScript
For finer control, DataScripts may be used to evaluate more criteria before discarding a client connection.
if avi.vs.client_ip() == "10.1.2.3" then
   avi.vs.close_conn()  -- drop the connection from this client IP
end
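The following DataScript is an added example, not code from the original page or from the vendor. It shows the "more criteria" case by dropping a connection only when the client IP is in an IP group and the request targets a protected path. It assumes the script is attached to the HTTP request event and that the IP group is referenced by the DataScript set; the group name `blocked-clients`, the `/admin` prefix, and the offline stub are hypothetical.

```lua
-- Added example (not vendor code). Assumed event: HTTP request.
-- Assumptions: an IP group named "blocked-clients" exists and is attached to
-- this DataScript set; "/admin" is a hypothetical protected path prefix.

-- Constructed stub so the logic can be exercised with a plain Lua interpreter.
-- On a Service Engine the real `avi` table already exists and is used as is.
local avi = avi or {
  vs = {
    client_ip  = function() return "10.1.2.3" end,          -- constructed sample
    log        = function(msg) print("log: " .. msg) end,
    close_conn = function() print("connection closed") end,
  },
  http    = { get_path = function() return "/admin/login" end },
  ipgroup = { contains = function(_, ip) return ip == "10.1.2.3" end },
}

local BLOCKED_GROUP    = "blocked-clients"  -- hypothetical IP group name
local PROTECTED_PREFIX = "/admin"           -- hypothetical path prefix

-- True when the path is the protected prefix itself or lies beneath it.
-- Requiring the trailing "/" keeps "/administrator" from matching "/admin".
local function is_protected(path)
  return path == PROTECTED_PREFIX
      or path:sub(1, #PROTECTED_PREFIX + 1) == PROTECTED_PREFIX .. "/"
end

-- Both criteria must hold: listed client IP AND protected path.
local function should_block(ip, path)
  if not avi.ipgroup.contains(BLOCKED_GROUP, ip) then
    return false
  end
  return is_protected(path)
end

local ip   = avi.vs.client_ip()
local path = avi.http.get_path()

if should_block(ip, path) then
  -- Record the decision in the virtual service log before closing.
  avi.vs.log("blocked " .. ip .. " requesting " .. path)
  avi.vs.close_conn()
end
```

Because the addresses live in the IP group rather than in the script, the blocklist can be changed without editing the DataScript.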