Forum Discussion
cmard_195831
Nimbostratus
Nimbostratushelp on an irule
Hello,
I have the following irule which is working fine:
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/EBanking2/admin" } {
if { not ([IP::client_addr] equals "208.222.129.101") ...
Your rule:
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/EBanking2/admin" } {
if { not ([IP::client_addr] equals "208.222.129.101") } {
HTTP::redirect "http://www.coop.com.cy"
log local0. "IP: [IP::client_addr] tried to access /EBanking2/admin from the Internet."
}
}
}
So I assume you want to redirect when the client source address is neither 208.222.129.101 nor the other address. If so (and using 203.0.113.1 as the other IP for this example):
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/EBanking2/admin" } {
if { not ([IP::client_addr] equals "208.222.129.101" or [IP::client_addr] equals "203.0.113.1") } {
HTTP::redirect "http://www.coop.com.cy"
log local0. "IP: [IP::client_addr] tried to access /EBanking2/admin from the Internet."
}
}
}
An alternative would be to use a data-group. So, you would define a data-group like this:
create ltm data-group internal non-redirect-ips type ip records add { 208.222.129.101 {} 203.0.113.1 {} }
Then change the iRule thusly:
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/EBanking2/admin" and ![class match [IP::client_addr] equals non-redirect-ips]} {
HTTP::redirect "http://www.coop.com.cy"
log local0. "IP: [IP::client_addr] tried to access /EBanking2/admin from the Internet."
}
}
The advantage is that you can add, change or delete IP addresses that are exempted without changing the iRule itself. You need only alter the data-group, which can be done via tmsh or the WebUI.
cmard_195831Thank you for your feedback. We will try and let you know
