Forum Discussion
Check code for ordering of events and accuracy
All the action exists in a single event. The client will be redirected or not, the external pool will be selected or not, so the line by line order doesn't matter so much as how you construct your logic. I personally don't like to leave logic on pool selection spread across objects, such as having a default pool that isn't visible in the rule, so even if you specify a default pool, I'd still be explicit to send traffic there if they do match internal users. But that's my preference, not required. I'd also combine your logic to set the pool and/or reject so that you don't have to check the XFF IP data-group twice, so make the if condition about the data-group, then inside that condition, you can do an if/else for the URI
Thanks Jason...
I added the specific pool in the irule so that if users XFF IP matches the "DG-INTERNAL-USERS-XFF" gets sent to the internal pool designated for internal employees...
What would be the best way to group the pool/reject together here?
f { !([class match $CHECK_IP eq DG-INTERNAL-USERS-XFF]) } {
pool EXTERNAL-POOL
} else {
pool INTERNAL-POOL
if { !([class match $CHECK_IP eq DG-INTERNAL-USERS-XFF]) } {
if { [class match [HTTP::uri] eq DG-URI-LIST] } {
reject }
}
########## Modified with default internal Pool in iRule #########
when HTTP_REQUEST {
set CHECK_IP [lindex [lsearch -all -inline -not -exact [split [HTTP::header values X-Forwarded-For] "\{\} ,"] {}] 0]
log local0. "the X-Forwarded-For header value is $CHECK_IP"
if { !([class match $CHECK_IP eq DG-INTERNAL-USERS-XFF]) } {
pool EXTERNAL-POOL
} else {
pool INTERNAL-POOL
if { !([class match $CHECK_IP eq DG-INTERNAL-USERS-XFF]) } {
if { [class match [HTTP::uri] eq DG-URI-LIST] } {
reject }
}
switch -glob [HTTP::uri] {
"*/app1/abc/portal/Tracker*" -
"*/app2/cde/Tracker*" -
"*/app3/wps/portal/CaseTracker*" {
if { ([class match $CHECK_IP eq DG-INTERNAL-USERS-XFF]) } {
if { [HTTP::uri] contains "/app2/Tracker" } {
HTTP::redirect "https://[HTTP::host]/new-app2/Tracker"
} else {
HTTP::redirect "https://[HTTP::host]/app1/old/portal/Tracker/"
}
}
}
}
}
}
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com