Forum Discussion
Geolocation I-Rule not parsing properly
I am trying to create an I-Rule using geolocation blocking. I am blocking everything but US traffic and also allowing certain IP addresses via a data group called whitelist. The rule is not parsing correctly.
when CLIENT_ACCEPTED {
    set allowed 0
    if { [ whereis [IP::client_addr] country] eq "US"] or [class match [IP::client_addr] equals "whitelist"] } {
        set allowed 1
    }
}
when HTTP_REQUEST {
    if { $allowed == 0 } {
        log local0. "Blocked Traffic from [IP::client_addr] Redirected"
        HTTP::redirect "https://www.blackhawknetwork.com"
    }
}
line 3: [parse error: PARSE syntax 99 {syntax error in expression " [ whereis [IP::client_addr] country] eq "US"] or [class ...": extra tokens at end of expression}] [{ [ whereis [IP::client_addr] country] eq "US"] or [class match [IP::client_addr] equals "whitelist"] }]
Any help appreciated
12 Replies
- kunjan
Nimbostratus
Try this
when CLIENT_ACCEPTED {
    set allowed 0
    if { [whereis[IP::client_addr]country] eq "US" or [class match[IP::client_addr] equals whitelist] } {
        set allowed 1
    }
}
when HTTP_REQUEST {
    if { $allowed == 0 } {
        log local0. "Blocked Traffic from [IP::client_addr] Redirected"
        HTTP::redirect "https://www.blackhawknetwork.com"
    }
}
- marv_Williams_5
Nimbostratus
Here is the TCL error I am getting:
TCL error: /Common/geolocation-country-redirect2 - invalid command name "whereis172.16.100.217country" while executing "whereis[IP::client_addr]country"
- marv_Williams_5
Nimbostratus
Maybe the I-Rule is wrong? I want to allow US traffic and block everything else and then allow only whitelisted traffic. Any ideas if there is a better way to do this?
- kunjan
Nimbostratus
Try the modified.
when HTTP_REQUEST {
    if { !([whereis [IP::client_addr] country] eq "US" or [class match [IP::client_addr] equals whitelist]) } {
        log local0. "Blocked Traffic from [IP::client_addr] Redirected"
        HTTP::redirect "https://www.blackhawknetwork.com"
    }
}
- marv_Williams_5
Nimbostratus
That rule blocks "US" traffic. Here is what I have been trying unsuccessfully to do:
Allow US traffic
Block everything else
Allow for a whitelist of specific IP addresses that I can let through
Here is the I-Rule I have been altering to try to accomplish this:
when CLIENT_ACCEPTED {
    set allowed 0
    log local0. "Location = [whereis [IP::client_addr] continent]"
    if {{[class match--[ whereis[IP::client_addr]continent] eq Blocked_Continents ] && not [IP::addr][IP::client_addr] equals 70.197.19.197 ]}} {
        set allowed 1
    }
}
when HTTP_REQUEST {
    if { $allowed == 1} {
        log local0. "Blocked Traffic from [IP::client_addr] Redirected"
        HTTP::redirect "https://www.blackhawknetwork.com"
    }
}
I keep getting boolean tcl errors with the above I-rule.
Thanks for your help
- kunjan
Nimbostratus
If you check the expression, I've negated the condition. So it will redirect if the country doesn't match US or whitelist datagroup (created).
- marv_Williams_5
Nimbostratus
It is redirecting US traffic to the wrong webpage. If it is not US traffic it should just be allowed through, if it is Non-US traffic it should be redirected to www.blackhawknetwork.com.
- marv_Williams_5
Nimbostratus
Sorry, if it is US traffic, it should be allowed through, if not then it should get redirected to the other website www.blackhawknetwork.com.
- kunjan
Nimbostratus
Have you tried it? I've changed the "!" to "not" to make it more legible
when HTTP_REQUEST {
    if { not ([whereis [IP::client_addr] country] eq "US" or [class match [IP::client_addr] equals whitelist]) } {
        log local0. "Blocked Traffic from [IP::client_addr] Redirected"
        HTTP::redirect "https://www.blackhawknetwork.com"
    }
}
- marv_Williams_5
Nimbostratus
It is working. If I want to add a list of countries allowed would I just add a class match in front of whereis?
- marv_Williams_5
Nimbostratus
I figured it out. Both scenarios now work.
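The thread ends without showing the country-list variant, so here is one way to write it, as an added example that is not code from either poster. The data group name allowed_countries is hypothetical; whitelist is the address data group named in the question, and treating an empty whereis result as "not allowed" is an assumption made here so the rule fails closed.

```tcl
# Added example, not from the thread.
# Assumed data groups:
#   allowed_countries - string data group of country codes, e.g. "US" (hypothetical name)
#   whitelist         - address data group of individually permitted IPs (named in the question)
when CLIENT_ACCEPTED {
    # Decide once per connection: the client address is fixed for its lifetime,
    # so there is no need to repeat the lookups on every HTTP request.
    set client_ip [IP::client_addr]
    set country   [whereis $client_ip country]
    set allowed 0

    if { [class match $client_ip equals whitelist] } {
        # Explicitly permitted address, regardless of where it geolocates.
        set allowed 1
    } elseif { $country ne "" and [class match $country equals allowed_countries] } {
        # Country code is present and is on the allow list.
        # An empty lookup result (assumed for addresses with no geolocation
        # entry) falls through and stays blocked.
        set allowed 1
    }
}

when HTTP_REQUEST {
    if { not $allowed } {
        log local0. "Blocked traffic from $client_ip (country '$country'), redirected"
        HTTP::redirect "https://www.blackhawknetwork.com"
    }
}
```

Note the spaces inside every bracketed command ([whereis $client_ip country], not [whereis$client_ipcountry]); the missing spaces are what produced the invalid command name error earlier in the thread.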