For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Robert_Pagano_7's avatar
Robert_Pagano_7
Icon for Nimbostratus rankNimbostratus
Jan 14, 2009

conditional redirect based on client's IP address

I need to be able to redirect HTTP connections to a virtual server if the source IP address of the client is not part of a pre-determined group.

 

 

If the client is a member of that group, the connection should be processed normally.

 

 

I am considering the following...

 

 

----- data group list (class) ALLOWED_IP_class -----

 

 

host xxx.xxx.xxx.xxx

 

host xxx.xxx.xxx.xxx

 

host xxx.xxx.xxx.xxx

 

 

----- iRule -----

 

 

when HTTP_REQUEST {

 

Check if the client IP is not part of the "ALLOWED_IP_class"

 

if { not ([matchclass [IP::client_addr] equals $::ALLOWED_IP_class]) }{

 

HTTP::redirect "http://someotherdomain.example.com/maintenance.html"

 

}

 

}

 

 

 

Questions:

 

 

[1] Will the above work correctly?

 

 

[2] I will need the same functionality for the related HTTPS virtual server. Is there a comparable event for HTTPS?

 

 

Any help will be most appreciated!

 

 

Thank you.
application delivery
dev
devops
iRules

1 Reply

  • dennypayne's avatar
    dennypayne
    Icon for Employee rankEmployee
    Jan 14, 2009
    Your logic looks fine (I'm not near a box to double-check the syntax but it looks good too).

     

     

    The same rule will work for HTTPS connections but it will require the LTM to be doing SSL offload, if the SSL is in passthrough mode you can't do any iRule manipulation on HTTP events. You can use both a client and server ssl profile to re-encrypt on the way to the nodes if need be.

     

     

    Denny