Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Disallow Access to users from ALL but one country

Hello,

I have a CSS11501S-k8 unit which we use to load-balance etc our web and file servers. Is it possible for me to configure it in a way such that only users with an IP address from a specific country are let in to the backend web/file servers and users with IP Addresses from all other countries are redirected to another URL where we display them a "friendly" message?

Thanks

\R

2 REPLIES
Cisco Employee

Re: Disallow Access to users from ALL but one country

If you know the ip addresses, yes this is possible.

For all the ip that you want to deny, create an ACL to match those ip addresses and use the 'prefer' command to redirect then to a service that would be a redirect.

ie:

service my-redirect

redirect ....

active

acl 1

clause 10 permit any destination content prefer my-redirect

clause 99 permit any any destination any

apply all

Regards,

Gilles.

New Member

Re: Disallow Access to users from ALL but one country

Hi Gilles,

thanks so much for the response. I guess that'll solve it except that I'll have to modify your suggestion such that I add the ALL IP ranges for the one country I want to permit and then at a lower priority rule redirect all others. So I'll have to find out all IP ranges for the 'good' country! Can I specify ranges instead of individual IPs? Or can I create a list of some sort and specify all desired IP ranges/subnets etc?

Thanks so much

\R

149
Views
0
Helpful
2
Replies
CreatePlease to create content