For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Brian_Mayer_841's avatar
Brian_Mayer_841
Icon for Nimbostratus rankNimbostratus
Aug 19, 2008

Conditional logic based on source IP

Hi guys,     We'd like to implement an iRule that triggers on the presence of two or three specific strings in the URI. When any of the strings are found, we next want to check the source ...
application delivery
dev
devops
iRules
Brian_Mayer_841's avatar
Brian_Mayer_841
Icon for Nimbostratus rankNimbostratus
Aug 22, 2008
So I've created an iRule but it's not quite working. Here's it is:

 

 

when HTTP_REQUEST {

 

if {[matchclass [HTTP::uri] contains $::cm2prod_filtered_URI] and (not [matchclass [IP::client_addr] eq $::corporate_external_net])}{

 

discard

 

}

 

}

 

 

I've got a data group that contains a list of several line items. If any of the strings appears in the URI and the source IP is not the corporate network, then the traffic should be dropped.

 

 

Here's the data group for the URI strings to match:

 

 

/init/

 

/msg/

 

/debs/

 

/amsg/

 

/web/

 

/catalogAdmin/

 

/visualModeler/

 

/attributeMgr/

 

/productMgr/

 

/pricingMgr/

 

/enterpriseMgr/

 

/tokenIF/

 

/customerSegmentation/

 

 

The data group for the network addresses is a simple list of our external corporate firewall IPs.

 

 

Any idea why this isn't working and how to troubleshoot?

 

 

Thanks!

 

B