F5 LTM 限制來源IP登入,目前只能只用CLI去做限制
By default, the current list allows all IP addresses to connect to the Configuration utility. If you are adding an IP address or range of IP addresses to the current list the first time, you should perform the following Replacing the current allowed list with a new list procedure described in the following section.
設定方式如下:
設定限制IP
需在tmos下
modify /sys httpd allow add { 172.28.31.140 172.28.65.0/255.255.255.0 }
查看目前限制IP
list /sys httpd allow
修改限制IP
modify /sys httpd allow replace-all-with { 10.0.0.0/255.0.0.0 3.3.3.3 }
刪除限制IP
modify /sys httpd allow delete { 172.28.31.140 172.28.65.150/255.255.255.0 }
設定存檔
save /sys config
當不是所設定的IP來做存取,結果如下:
Refer:https://support.f5.com/csp/article/K13309
Facebook Comments