Forum Discussion
spalande
May 02, 2024Nacreous
My bad. Else condition is rejecting all traffic. Try below and I would suggest try on non-prod VIP first.
when HTTP_REQUEST {
set ip_reputation_categories [IP::reputation [IP::client_addr]]
if {([$ip_reputation_categories contains "Spam Sources"]) and (!([[whereis [IP::client_addr] country] equals "NP"]))} {
log local0. "IP from spam sources block: [IP::client_addr]"
drop
} else {
#DO NOTHING
}
}
- Nishal_RaiMay 09, 2024Cirrocumulus
spalande
Few lines were also added for the debugging purpose in the provided iRule as discussed before.when HTTP_REQUEST { set ip_reputation_categories [IP::reputation [IP::client_addr]] if {([$ip_reputation_categories contains "Spam Sources"]) and (!([[whereis [IP::client_addr] country] equals "NP"]))} { log local0. "IP from spam sources block: [IP::client_addr]" drop } else { log local0. "IP from spam sources from Nepal, allow: [IP::client_addr]" #DO NOTHING } }
However after few minutes of attaching the iRule on the virtual server, the application stopped working.
While the following error logs were found on the /var/log/ltm,May 8 13:07:06 waf.domain.com err tmm2[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources"" May 8 13:07:06 waf.domain.com err tmm[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources"" May 8 13:07:06 waf.domain.com err tmm1[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources"" May 8 13:07:06 waf.domain.com err tmm2[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources"" May 8 13:07:06 waf.domain.com err tmm3[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources"" May 8 13:07:06 waf.domain.com err tmm3[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources"" May 8 13:07:06 waf.domain.com err tmm1[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources"" May 8 13:07:06 waf.domain.com err tmm3[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources"" May 8 13:07:06 waf.domain.com err tmm2[19426]: 01220001:3: TCL error: /Common/NP-GeoIP-Spam_Sources_Allow <HTTP_REQUEST> - invalid command name "" while executing "$ip_reputation_categories contains "Spam Sources""
It seems the iRule is still not valid to check the IPI category variable especially for the[$ip_reputation_categories contains "Spam Sources"]