For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jure_Simsic_106's avatar
Jure_Simsic_106
Icon for Nimbostratus rankNimbostratus
Feb 16, 2007

Admin access check

I have a fairly basic irule that's giving me trouble. The idea is that when a client a ceirtain url, he get's allowed access (use another pool) in case his IP is from a valid subnet, otherwise we don'...
application delivery
dev
devops
iRules
Wes_98712's avatar
Wes_98712
Icon for Nimbostratus rankNimbostratus
Feb 16, 2007
So it appears you are trying to validate that a client's IP address matches a specific IP class then right?

You could do the following (note: untested, check the syntax and make sure I haven't gummed something up):


class networks_class  {
   network 10.10.10.0 mask 255.255.255.0
   network 10.10.11.0 mask 255.255.255.0
}
when HTTP_REQUEST {
   set my_uri [HTTP::uri]
   set my_client [IP::client_addr]
   if { $my_uri starts_with "/admin" } {
      if { [matchclass $my_client equals $::networks_class] } { 
         pool admin-pool
      }
   } else {
      discard
   }
}

It's a bit cleaner, plus you are using some v4x syntax as well, use pool is now just pool .

I haven't tested this, but the config was accepted, I don't see why it wouldn't work. Best of all, you are using a datagroup which contains the network masks you want to validate against, all you have to do is update the datagroup each time you want to add a new network class, or remove one.