Geolocation and IP ACL

Description

Discard a client connection or request based on the client's source IP address.

This use case can be configured using a DataScript or a Network Security or HTTP Security policy. If a larger list of client IPs will be used, or if the source IP addresses are derived from a geographic location, then the DataScript or policies should point to an IP group.


DataScript

A DataScript allows you to close the client's connection. This can be done using a TCP RST or a graceful TCP FIN, depending on a flag within the avi.http.close_conn command.

Example 1: This rule discards a statically defined IP address.

-- Close the connection when the client's source IP matches a fixed address
if avi.vs.client_ip() == "10.1.1.1" then
   avi.http.close_conn()
end

Example 2: This rule discards a list or group of IP addresses. This may be a list, a range, or a geographic location such as a set of countries. The IP list is defined within the IP Group and enforced through the DataScript.

-- Close the connection when the client's source IP is a member of the IP group
if avi.ipgroup.contains("Blacklist-IP-Group", avi.vs.client_ip()) then
   avi.http.close_conn()
end

Policy

The Network Security and HTTP Security policies allow you to discard a client based on its IP address. The following illustrations show the creation of a policy rule that references an IP group called Blacklist. If this policy is triggered, a significant log will be generated indicating that the policy dropped this client. With sufficient frequency, it may also result in a penalty in the health score's security row.

IP Group

The IP group is configured and maintained separately from the DataScript or policy referencing it. The group may contain lists of addresses or country codes. See the IP Group KB for more detail on this feature.
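Because the group is maintained apart from the rule that enforces it, a bad entry silently changes who gets dropped. The following is an added example, not Avi code: an offline check that parses a candidate list (single addresses, ranges and prefixes only, no country codes) and flags invalid entries and protected addresses the list would cover. The entry syntax, the function names and the sample data are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (documentation address space plus the page's 10.1.1.1).
SAMPLE_ENTRIES = ["10.1.1.1", "192.0.2.0/24",
                  "198.51.100.10-198.51.100.20", "203.0.113.7/24"]
NEVER_BLOCK = ["192.0.2.53", "10.1.1.2"]  # e.g. monitoring or admin hosts (assumed)

def parse_entry(entry):
    """Return (first, last) bounds for an address, an 'a-b' range or a CIDR prefix."""
    entry = entry.strip()
    if "-" in entry:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
        if lo.version != hi.version or lo > hi:
            raise ValueError("range bounds are mismatched or reversed")
        return lo, hi
    # strict parsing rejects prefixes with host bits set, a common typo
    net = ipaddress.ip_network(entry)
    return net[0], net[-1]

def contains(group, client_ip):
    """True if client_ip falls inside any parsed (first, last) pair."""
    ip = ipaddress.ip_address(client_ip)
    return any(lo.version == ip.version and lo <= ip <= hi for lo, hi in group)

def lint_group(entries, never_block):
    """Parse entries; report invalid ones and protected addresses they cover."""
    group, problems = [], []
    for entry in entries:
        try:
            group.append(parse_entry(entry))
        except ValueError as exc:
            problems.append(f"invalid entry {entry!r}: {exc}")
    for addr in never_block:
        if contains(group, addr):
            problems.append(f"{addr} is covered by the group and would be dropped")
    return group, problems

if __name__ == "__main__":
    _, found = lint_group(SAMPLE_ENTRIES, NEVER_BLOCK)
    for line in found:
        print(line)
```

On the constructed sample it reports the prefix with host bits set and the protected address that falls inside 192.0.2.0/24.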

Source: https://avinetworks.com/docs/17.1/geo-location-and-ip-acl/