Forum Discussion

Nimbostratus

Feb 09, 2011

Datagroup and class match

Been scouring through the docs and can't find any good resource that addresses my question. Please help. I am tasked with creating an iRule that will check incoming packets for the client_ip...

Chris_Miller

Altostratus

Feb 09, 2011

Rather than checking whether their IP exists and logging it, why not just check whether it doesn't exist? The rule below will check whether their IP exists in the data group. If it doesn't, we'll drop them.


when HTTP_REQUEST {
    Check if the client IP is a member of the exception list
    log local0.debug "IRule has been triggered"
       if { ! [class match [IP::client_addr] eq ip_exception] } {
              drop
              log local0.debug "[IP::client_addr] Your IP was NOT approved via the exception list"
             }
    }

If you'd like to add data to your external class, I suspect just using a file editor would work?

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Datagroup and class match

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

SSL Forward Proxy, iRules and Client Hello

monitor/healthcheck issue with envoy gateway

Recommendation for Adv. Lab

How to Verify config before loading to F5

Related Content

Generic iRule based on datagroup parsing

/32 IPs in Datagroup class match not matching

DGCat-Admin — F5 BIG-IP Datagroup & URL Category Manager

Datagroup / Access class match not working.

CSV to Address External Datagroup File

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS