Forum Discussion
NimbostratusHelp needed with an iRule to return 401 for sites
Hi,
I am working on an iRule that I would like to loop through a data group list and for each url in the site, return a 401 error for everyone bar one machine, who's IP I have in the condition (the server should not be proxied so the IP of the machine is the final IP to reach F5).
I have the below but it does not work:
when HTTP_REQUEST {
if {not [IP::addr [IP::client_addr] equals x.x.x.x]} {
if { ([class match [string tolower [HTTP::host][HTTP::uri]] contains LegalSites]) } {
HTTP::respond 401
}
}
}
LegalSites is a datagroup uploaded from a txt file with a url per line. I'm not sure if I should use string or address as the type for URLs?
How could I also state if the date and time is => 8/14/2016 18:00 then the rule should execute (i.e. another if condition)? I am also not sure what the difference is between client ip and remote ip?
Thanks!
2 Replies
Vijay_ECirrus
Try this:
when HTTP_REQUEST { if {not ([IP::addr [IP::client_addr] equals x.x.x.x]) } { if { ([class match [string tolower [HTTP::host][HTTP::uri]] contains LegalSites]) } { HTTP::respond 401 Location "http://[HTTP::host][HTTP::uri]" } } }For serving error page, look at this devcentral link and this link.
Check this for time-based iRule execution: link text
Stanislas_Piro2Cumulonimbus
Hi,
- client_ip is the client IP
- remote_ip is client IP in clientside events (HTTP_request is a clientside event), and server IP in server side events
Why do you respond with 401 code which is the authentication response code.
if you want authentication, you must reply with the following parameters:
HTTP::respond 401 noserver WWW-Authenticate "Basic realm=\"Your authentication realm\""if you want HTTP redirect (with location header), the response code is 302 (temporary redirect) or 301 (persistent redirect)
