Forum Discussion
ChristerB_10333
Nimbostratus
Feb 23, 2011Blocking a country and sending request to a pool
Hi!
I'm currently blocking some countries with an iRule using Geolocation and a data group list.
The iRule looks like this
when HTTP_REQUEST {
if { [matchcla...
hoolio
Cirrostratus
Feb 24, 2011Actually, the whereis was added in 10.1.0, so you'd need to be on that version or higher to use this iRule. If it's not working on one of those versions, you can add debug logging:
when CLIENT_ACCEPTED {
log local0. "[IP::client_addr]:[TCP::client_port]: whereis: [whereis [IP::client_addr] country], class match: [class match [whereis [IP::client_addr] country] eq blocked_countries]"
Check once per TCP connection if the country for the client IP is in the blocked country datagroup
if { [class match [whereis [IP::client_addr] country] eq blocked_countries] } {
pool blocked_pool
} else {
pool [LB::server pool]
}
}
Aaron
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects