Forum Discussion
MW1
Cirrus
CirrusClass match does not appear to work how I expected with contains
All, I am trying to write an irule that essentially matches a http header value and checks the allowed IPs which can send it. I have created a datagroup called headers (string type as address typ...
Hi
Then you can :
- Create a data group "string" with header name as key, and IP / IP RANGE as values
header1 := 10.10.10.0/24|10.10.20.0/24|10.50.1.1
Get the header
Check if header in datagroup, and if not, allow (header not filtered)
If header in datagroup, get allowed IPs and range in list
Loop through each IP /range and check if source is included there.
And make a decision.
set allowedips [split [class match -value $hdrtocheck equals ttt] "|"] log local0. "$allowedips" set allowed 0 if { ! ($allowedips equals "") } { foreach ip $allowedips { if {[IP::addr $srcip equals $ip ]}{ incr allowed } } if { $allowed > 0 } { log local0. "$srcip allowed" } else { log local0. "$srcip denied" } } else { log local0. "not checked" }
Yoann_Le_Corvi1
Cumulonimbus
CumulonimbusHi
Then you can :
- Create a data group "string" with header name as key, and IP / IP RANGE as values
header1 := 10.10.10.0/24|10.10.20.0/24|10.50.1.1
Get the header
Check if header in datagroup, and if not, allow (header not filtered)
If header in datagroup, get allowed IPs and range in list
Loop through each IP /range and check if source is included there.
And make a decision.
set allowedips [split [class match -value $hdrtocheck equals ttt] "|"]
log local0. "$allowedips"
set allowed 0
if { ! ($allowedips equals "") } {
foreach ip $allowedips {
if {[IP::addr $srcip equals $ip ]}{
incr allowed
}
}
if { $allowed > 0 } {
log local0. "$srcip allowed"
} else {
log local0. "$srcip denied"
}
} else {
log local0. "not checked"
}