Forum Discussion

Meeks_60174's avatar
Meeks_60174
Icon for Nimbostratus rankNimbostratus
May 13, 2016

Client address filtering outside an iRule v11.5 code

Hello, I've been looking around, and perhaps my google-foo is not very strong, so I apologize if this is a fairly common solution. Essentially I have this iRule i would like to rid myself of if en...
application delivery
http policy
iRules
LTM
security
Meeks_60174's avatar
Meeks_60174
Icon for Nimbostratus rankNimbostratus
May 13, 2016

You are amazing. Thank you so much for your help.

Im inclined to disagree with the "Policy are executed first, then irules." statement, since i have a policy that never executes, when both conditions of the iRule fail, and thus are dropped. Let me explain more.

The reason im trying to leverage the policy, is related to top level domain. Cant CNAME the top level, and I have customers hitting it directly, and being blocked, since they are bypassing the header injection, and are not coming from the trusted ip space.

I have a policy that does a check for http-host not start with www and redirects with the www inserted. My intent was a first match policy, that had that as rule 1 in the order, followed by the header check and subsequently the IP check.

        no_www {
        actions {
            0 {
                http-reply
                redirect
                location "https://www.[getfield [HTTP::host] \":\" 1][HTTP::uri]"
            }
        }
        conditions {
            0 {
                http-host
                host
                not
                starts-with
                values { www }
            }
        }
        ordinal 2
    }

Any thoughts on how i could leverage all of this together?