Forum Discussion
Robert_Pagano_7
Nimbostratus
Nimbostratusconditional redirect based on client's IP address
I need to be able to redirect HTTP connections to a virtual server if the source IP address of the client is not part of a pre-determined group.
If the client is a member of that group, the connection should be processed normally.
I am considering the following...
----- data group list (class) ALLOWED_IP_class -----
host xxx.xxx.xxx.xxx
host xxx.xxx.xxx.xxx
host xxx.xxx.xxx.xxx
----- iRule -----
when HTTP_REQUEST {
Check if the client IP is not part of the "ALLOWED_IP_class"
if { not ([matchclass [IP::client_addr] equals $::ALLOWED_IP_class]) }{
HTTP::redirect "http://someotherdomain.example.com/maintenance.html"
}
}
Questions:
[1] Will the above work correctly?
[2] I will need the same functionality for the related HTTPS virtual server. Is there a comparable event for HTTPS?
Any help will be most appreciated!
Thank you.
- dennypayne
Employee
Your logic looks fine (I'm not near a box to double-check the syntax but it looks good too).
The same rule will work for HTTPS connections but it will require the LTM to be doing SSL offload, if the SSL is in passthrough mode you can't do any iRule manipulation on HTTP events. You can use both a client and server ssl profile to re-encrypt on the way to the nodes if need be.
Denny
