For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

MW1's avatar
MW1
Icon for Cirrus rankCirrus
Jul 01, 2014

Can anyone explain the behaviour of this irule

All, I am trying to understand the behaviour of the below irule. It was meant to block access to the down.php URI, except from the two src ip ranges stated, however it blocks access from any locat...
application delivery
devops
iRules
LTM
management
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Jul 01, 2014

A slightly different placement of the logic is in order:

when HTTP_REQUEST { 
    log local0. " Request in [IP::client_addr] [HTTP::host][HTTP::uri]"
    if { ( [HTTP::uri] contains "/down.php" ) and not ( ( [IP::addr [IP::client_addr] equals 75.66.12.0/255.255.255.0] ) or ( [IP::addr [IP::client_addr] equals 15.150.0.0/255.255.0.0] ) ) } { 
        log local0. " Blocked access [IP::client_addr] [HTTP::host][HTTP::uri]"
         drop the request
        reject
    }  
}

If you're ever curious about what a logic statement is returning, you can do something like this:

log local0. [expr { ( ( [IP::addr [IP::client_addr] equals 10.80.0.0/255.255.255.0] ) or ( [IP::addr [IP::client_addr] equals 15.150.0.0/255.255.0.0] ) ) }]