Disallow Access to users from ALL but one country

Unanswered Question
Feb 18th, 2008


I have a CSS11501S-k8 unit which we use to load-balance etc our web and file servers. Is it possible for me to configure it in a way such that only users with an IP address from a specific country are let in to the backend web/file servers and users with IP Addresses from all other countries are redirected to another URL where we display them a "friendly" message?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Gilles Dufour Tue, 02/19/2008 - 01:41

If you know the ip addresses, yes this is possible.

For all the ip that you want to deny, create an ACL to match those ip addresses and use the 'prefer' command to redirect then to a service that would be a redirect.


service my-redirect

redirect ....


acl 1

clause 10 permit any destination content prefer my-redirect

clause 99 permit any any destination any

apply all



ranjtech74 Tue, 02/19/2008 - 22:33

Hi Gilles,

thanks so much for the response. I guess that'll solve it except that I'll have to modify your suggestion such that I add the ALL IP ranges for the one country I want to permit and then at a lower priority rule redirect all others. So I'll have to find out all IP ranges for the 'good' country! Can I specify ranges instead of individual IPs? Or can I create a list of some sort and specify all desired IP ranges/subnets etc?

Thanks so much



This Discussion