For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

marv_Williams_5's avatar
marv_Williams_5
Icon for Nimbostratus rankNimbostratus
Apr 20, 2015

Geolocation I-Rule not parsing properly

I am trying to create an I-Rule using geolocation blocking. I am blocking everything but US traffic and also allowing certain IP addresses via a data group called whitelist. The rule is not parsing correctly

when CLIENT_ACCEPTED { set allowed 0 if { [ whereis [IP::client_addr] country] eq "US"] or [class match [IP::client_addr] equals "whitelist"] } { set allowed 1 } } when HTTP_REQUEST { if { $allowed == 0 } { log local0. "Blocked Traffic from [IP::client_addr] Redirected"

HTTP::redirect "https://www.blackhawknetwork.com"} } 
line 3: [parse error: PARSE syntax 99 {syntax error in expression "  [ whereis [IP::client_addr] country] eq "US"]  or  [class ...": extra tokens at end of expression}] [{  [ whereis [IP::client_addr] country] eq "US"]  or  [class match [IP::client_addr] equals "whitelist"] }]

            Any help appreciated
application delivery
LTM

12 Replies

Show More
  • marv_Williams_5's avatar
    marv_Williams_5
    Icon for Nimbostratus rankNimbostratus
    Apr 22, 2015

    Ok I thought this worked but it is not:

     

    when HTTP_REQUEST { log local0. "Location = [whereis [IP::client_addr] country]" if { not ([class match [IP::client_addr] eq "Allowed_Countries"] or [class match [IP::client_addr] equals whitelist]) } { log local0. "Blocked Traffic from [IP::client_addr] Redirected" HTTP::redirect "https://www.blackhawknetwork.com" } }

     

    I need a data group for the countries in case we have multiple that we want to allow through.