Forum Discussion

Nimbostratus

Feb 09, 2011

Datagroup and class match

Been scouring through the docs and can't find any good resource that addresses my question. Please help. I am tasked with creating an iRule that will check incoming packets for the client_ip...

Altostratus

Feb 09, 2011

Rather than checking whether their IP exists and logging it, why not just check whether it doesn't exist? The rule below will check whether their IP exists in the data group. If it doesn't, we'll drop them.


when HTTP_REQUEST {
    Check if the client IP is a member of the exception list
    log local0.debug "IRule has been triggered"
       if { ! [class match [IP::client_addr] eq ip_exception] } {
              drop
              log local0.debug "[IP::client_addr] Your IP was NOT approved via the exception list"
             }
    }

If you'd like to add data to your external class, I suspect just using a file editor would work?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Datagroup and class match

Recent Discussions

F5 - AS3 - BIGIQ / BIGIP SchemaVersion Missunderstanding

F5OS API - not able to create vlan

F5 APM - limiting access to the bandwidth for network Access

Change LB priority based on status

High CPU utilization (100%).

Related Content

/32 IPs in Datagroup class match not matching

CSV to Address External Datagroup File

Datagroup / Access class match not working.

Class match with starts_with - Data group matching order

Help me! About datagroup

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS