Forum Discussion
Converting A10 aFlex rules to F5 iRules
Hi,
We are moving onto F5s and Im having an issue with an irule
The A10 aflex rules are as follows
A10
when HTTP_REQUEST {
set uri [string tolower [HTTP::uri]]
if { ($uri starts_with "<.url>") and not ([CLASS::match [IP::client_addr] Test_IPs1 ip] or [CLASS::match [IP::client_addr] TestIPs2 ip] ) } {
drop
}}
And I'm trying to implement this on the F5 with
when HTTP_REQUEST {
set uri [string tolower [HTTP::uri]]
if { ($uri starts_with "<url>") && ([class match ne [IP::remote_addr] Test_IPs1 ] | [class match ne [IP::remote_addr] Test_IPs2 ] ) } {
drop
}
}
When I apply this irule to the VIP i can no longer access the URL behind that VIP
Only IPs that should be allowed through should be in Test_IPs1 or Test_IPs2
Anyone know how the F5 rule should look?
Thanks
Adrian
- JRahmAdmin
Hi adrianglendinning your class syntax is a little off. Try this:
when HTTP_REQUEST priority 500 { if { [string tolower [HTTP::uri]] starts_with "/my/url/here" && ![class match -- [IP::client_addr] equals Test_IPs1] && ![class match -- [IP::client_addr] equals Test_IPs2] } { drop } }
also you can combine those two classes into a single class to simplify the condition a little unless there's a good reason to keep them separate.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com