Forum Discussion
NimbostratusGeolocation I-Rule not parsing properly
I am trying to create an I-Rule using geolocation blocking. I am blocking everything but US traffic and also allowing certain IP addresses via a data group called whitelist. The rule is not parsing correctly
when CLIENT_ACCEPTED { set allowed 0 if { [ whereis [IP::client_addr] country] eq "US"] or [class match [IP::client_addr] equals "whitelist"] } { set allowed 1 } } when HTTP_REQUEST { if { $allowed == 0 } { log local0. "Blocked Traffic from [IP::client_addr] Redirected"
HTTP::redirect "https://www.blackhawknetwork.com"} }line 3: [parse error: PARSE syntax 99 {syntax error in expression " [ whereis [IP::client_addr] country] eq "US"] or [class ...": extra tokens at end of expression}] [{ [ whereis [IP::client_addr] country] eq "US"] or [class match [IP::client_addr] equals "whitelist"] }]
Any help appreciated
12 Replies
marv_Williams_5Ok I thought this worked but it is not:
when HTTP_REQUEST { log local0. "Location = [whereis [IP::client_addr] country]" if { not ([class match [IP::client_addr] eq "Allowed_Countries"] or [class match [IP::client_addr] equals whitelist]) } { log local0. "Blocked Traffic from [IP::client_addr] Redirected" HTTP::redirect "https://www.blackhawknetwork.com" } }
I need a data group for the countries in case we have multiple that we want to allow through.
