Convert HTTP Class iRules for version 11.5.1 or later
Hello Folks,
I had a customer who is using the old version of iRules, which contains HTTP Class selected commands, and now they want to upgrade to 11.5.1. The command is no longer supported in that version, and I am not able to convert it into a compatible form so that the iRule is accepted in 11.5.1.
The sample iRule from the customer setup is as follows.
ltm rule /Common/Ems_staging_admins {
    when HTTP_REQUEST {
        # Clients in the data group get the admin HTTP class; everyone else gets the default one
        if { [class match [IP::client_addr] equals "disable_asm_ip_ranges"] } {
            HTTP::class select /Common/cls_EMS_staging_admin
        } else {
            HTTP::class select /Common/cls_EMS_staging
        }
    }
}
ltm rule /Common/efax_smtp_allow {
    when CLIENT_ACCEPTED {
        # Only clients in the allowed_ip_efax data group may relay
        if { [class match [IP::client_addr] equals "allowed_ip_efax"] } {
            log local0. "allowed to relay from [IP::client_addr]"
        } else {
            drop
            log local0. "Not allowed to relay from [IP::client_addr]"
        }
    }
}
There are 2 iRules here, and many more which need to be edited. Can anyone shed some light on how I can modify the iRule so that it can be applied on 11.5.1?
I have tried to follow the article, however I couldn't fix it.
Thank you, Darshan
- JG (Cumulonimbus)
What do those HTTP Class profiles do?
- swo0sh_gt_13163 (Altostratus)
Hello Jie,
Thanks for the reply. It was my bad.
It is just for enabling ASM, which I can do through a traffic profile in 11.5.1. I will manage it.
Cheers! Darshan
- swo0sh_gt_13163 (Altostratus)
Hey Folks,
I got stuck again with the same issue; this time the iRule is a little more complex than the one I asked about earlier.
Following is the snippet for your reference.
when HTTP_REQUEST {
    set FLAG_BLOCKED 0
    set Disabl_ASM_FLAG 0
    if {$GLOBAL_breakALL == 0} {
        if {[HTTP::uri] starts_with "/admin/content/"} {
            if {[class match [IP::client_addr] equals AB_Web_Folder_IP]} {
                log local0. "Access to admin is allowed"
                ASM::disable
                set Disabl_ASM_FLAG 1
            } else {
                log local0. "Someone trying to access /admin/content/ illegally from Source IP: [IP::client_addr] "
                set FLAG_BLOCKED 1
                set Disabl_ASM_FLAG 1
            }
        }
    }
}
when HTTP_CLASS_SELECTED {
    log local0. "inside class selection"
    if {$Disabl_ASM_FLAG == 1} {
        if { [HTTP::class asm] == 1 } {
            ASM::disable
            log local0. "ASM is disabled now"
        }
    }
    if {$FLAG_BLOCKED == 1} {
        reject
    }
}
How can I eliminate the use of when HTTP_CLASS_SELECTED and HTTP::class ASM? Any help?
Thank you,
Darshan
- swo0sh_gt_13163 (Altostratus)
Hey Folks,
I've managed to fix the iRule, following is the updated copy of the same.
when HTTP_REQUEST {
    set FLAG_BLOCKED 0
    set Disabl_ASM_FLAG 0
    if {$GLOBAL_breakALL == 0} {
        if {[HTTP::uri] starts_with "/admin/content/"} {
            if {[class match [IP::client_addr] equals AB_Web_Folder_IP]} {
                log local0. "Access to admin is allowed"
                ASM::disable
                set Disabl_ASM_FLAG 1
            } else {
                log local0. "Someone trying to access /admin/content/ illegally from Source IP: [IP::client_addr] "
                set FLAG_BLOCKED 1
                set Disabl_ASM_FLAG 1
            }
        }
    }
    if {[llength [POLICY::names matched]] > 0} {
        log local0. "inside class selection"
        if {$Disabl_ASM_FLAG == 1} {
            if { [POLICY::controls asm] == 1 } {
                ASM::disable
                log local0. "ASM is disabled now"
            }
        }
        if {$FLAG_BLOCKED == 1} {
            reject
        }
    }
}
I hope this would help someone.
Cheers! Darshan
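Added example (not part of the original thread and not F5 code): a small Python inventory script for the "many more" iRules the first post mentions. It scans a tmsh-style config dump for the HTTP Class constructs discussed above and reports the replacements used in the final post. The rule name example_asm_toggle and the sample text are constructed, and the brace tracking is an approximation.

```python
import re

# Deprecated construct -> replacement named in this thread. None means the
# thread gives no iRule replacement (the poster handled it in configuration).
REPLACEMENTS = {
    "HTTP_CLASS_SELECTED": "HTTP_REQUEST + [llength [POLICY::names matched]] > 0",
    "HTTP::class asm": "POLICY::controls asm",
    "HTTP::class select": None,
}
PATTERN = re.compile(r"HTTP_CLASS_SELECTED|HTTP::class\s+(?:asm|select)\b")
RULE_START = re.compile(r"^\s*ltm rule (\S+) \{")
# Constructed sample: first rule is from the thread, second is hypothetical.
SAMPLE = """\
ltm rule /Common/Ems_staging_admins {
when HTTP_REQUEST {
    if { [class match [IP::client_addr] equals "disable_asm_ip_ranges"] } {
        HTTP::class select /Common/cls_EMS_staging_admin
    } else {
        HTTP::class select /Common/cls_EMS_staging
    }
}
}
ltm rule /Common/example_asm_toggle {
when HTTP_CLASS_SELECTED {
    if { [HTTP::class asm] == 1 } { ASM::disable }
}
}
"""

def find_deprecated(config_text):
    """Return (rule, line_no, construct, replacement) for each deprecated use."""
    findings, rule, depth = [], None, 0
    for line_no, line in enumerate(config_text.splitlines(), 1):
        start = RULE_START.match(line)
        if start and depth == 0:
            rule = start.group(1)
        if not line.lstrip().startswith("#"):  # skip Tcl comment lines
            for m in PATTERN.finditer(line):
                key = re.sub(r"\s+", " ", m.group(0))
                findings.append((rule, line_no, key, REPLACEMENTS[key]))
        # Approximate brace tracking; assumes no unbalanced braces in strings.
        depth += line.count("{") - line.count("}")
        if depth <= 0:
            rule, depth = None, 0
    return findings

if __name__ == "__main__":
    for rule, line_no, construct, new in find_deprecated(SAMPLE):
        print(f"{rule}:{line_no}: {construct} -> {new or 'no iRule replacement in thread'}")
```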