For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Kevin_Nail's avatar
Kevin_Nail
Icon for Nimbostratus rankNimbostratus
Feb 09, 2011

Datagroup and class match

Been scouring through the docs and can't find any good resource that addresses my question. Please help.     I am tasked with creating an iRule that will check incoming packets for the client_ip...
application delivery
dev
devops
iRules
Chris_Miller's avatar
Chris_Miller
Icon for Altostratus rankAltostratus
Feb 09, 2011
Rather than checking whether their IP exists and logging it, why not just check whether it doesn't exist? The rule below will check whether their IP exists in the data group. If it doesn't, we'll drop them. 


when HTTP_REQUEST {
    Check if the client IP is a member of the exception list
    log local0.debug "IRule has been triggered"
       if { ! [class match [IP::client_addr] eq ip_exception] } {
              drop
              log local0.debug "[IP::client_addr] Your IP was NOT approved via the exception list"
             }
    }

If you'd like to add data to your external class, I suspect just using a file editor would work?