For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Valentine_96813's avatar
Valentine_96813
Icon for Nimbostratus rankNimbostratus
Aug 23, 2011

Filter Source IP

Had a request come across my desk from a user that I had never tried before and was wondering if someone might have done this.     What is requested is to have a live pool running as intended ...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Aug 23, 2011
Hi Valentine,

Sure you can do this. For a single IP or network range, you could use the IP::addr command to check the client IP. For multiple comparisons, you can use a datagroup and the class match command (v10+) or the matchclass command (v9).

Here's an example for v10+: 

 Datagroup containing the hosts/networks you want to pin to a pool member
class ip_subnets_class {
   {
      host 1.1.1.1
      network 2.2.2.0/24
   }
}

And the iRule which selects a specific pool member based on the client being in the datagroup: 

when CLIENT_ACCEPTED {

    Check if the client IP is in the ip_subnets_class
   if {[class match [IP::client_addr] equals ip_subnets_class]}{

       Select a specific pool member from the VS default pool for members of the datagroup 
      pool [LB::server pool] member 10.1.1.1 80

   } else {

       Select the VS default pool
      pool [LB::server pool] 
   }
}

Aaron