Forum Discussion
Datagroup / Access class match not working.
I have the following iRule and the redirect is working well. However, I want to restrict the clients that connect. Can someone help me out with a recommendation? I have tried the below addition to no avail. iRule works fine with just redirect:
```tcl
when HTTP_REQUEST {
    HTTP::redirect http://my.website.com/main/MWS-autologin.cfm?x=testing123four
}
```
iRule rejects everyone with the below applied. I have a datagroup I set up with the GUI to allow the 10.0.0.0/24. When I source traffic from the 10.0.0.0/24, I see a reset-0 message in my firewall. When I source traffic from outside the 10.0.0.0/24, I see a reset-I message in my firewall. This confirms that the iRule is doing something, just not what I want it to.
```tcl
when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals desired-clients] } {
        forward
    } else {
        discard
    }
}

when HTTP_REQUEST {
    HTTP::redirect http://my.website.com/main/MWS-autologin.cfm?x=testing123four
}
```
- Arie (Altostratus)
Have you tried taking out the "forward"?
```tcl
when CLIENT_ACCEPTED {
    if { not ( [class match [IP::client_addr] equals desired-clients] ) } {
        discard
    }
}
```
- Michael_Yates (Nimbostratus)
Sets the connection to forward IP packets. This is strict forwarding and will bypass any pool configured on the virtual server.
The request will be forwarded out the appropriate interface according to the routes in the LTM routing table. No destination address or port translation is performed.
Try removing your forward command and changing up your iRule logic.
```tcl
when CLIENT_ACCEPTED {
    if { ![class match [IP::client_addr] equals mynetwork] } {
        discard
    }
}

when HTTP_REQUEST {
    HTTP::redirect http://my.website.com/main/MWS-autologin.cfm?x=testing123four
}
```
Hope this helps.
- Eric_Lenington_ (Nimbostratus)
Thank you, Michael, you have been a great help, although both answers ultimately were able to assist us.
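A fuller version of the allowlist rule from the answers above, as an added example that is not code from any of the posts. It assumes the address-type data group is named desired-clients as in the question, drops the connection if that data group cannot be found, and logs each dropped client so the firewall resets can be correlated with the iRule's decision.

```tcl
when CLIENT_ACCEPTED {
    # Assumption: data group name taken from the question; adjust to your own.
    set dg "desired-clients"
    set client [IP::client_addr]

    # Fail closed: a missing or renamed data group must never result in the
    # virtual server running without its allowlist.
    if { ![class exists $dg] } {
        log local0. "allowlist data group $dg not found, dropping $client"
        discard
        return
    }

    # An address-type data group matches by subnet, so a 10.0.0.0/24 entry
    # covers every client address in that range.
    if { ![class match $client equals $dg] } {
        log local0. "client $client is not in $dg, dropping"
        discard
        return
    }

    # Allowed clients fall through. There is no forward command here, so the
    # connection continues to HTTP_REQUEST as in the redirect-only rule.
}

when HTTP_REQUEST {
    HTTP::redirect "http://my.website.com/main/MWS-autologin.cfm?x=testing123four"
}
```

Per-connection logging in CLIENT_ACCEPTED can be noisy on a busy virtual server; remove the second log line once the allowlist has been confirmed to behave as intended.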