Jose_Cruz
Mar 17, 2023

Help with iRule - Access Control Based on IP

I am trying to use the Access Control Based on IP iRule to restrict access to a virtual server.

However, when I apply the iRule the connection gets rejected and I see this in the logs (this is all in my lab):

TCL error: /jeclab/allowed_clients_2 <CLIENT_ACCEPTED> - can't read "::trustedAddresses": no such variable while executing "matchclass [IP::client_addr] equals $::trustedAddresses"

iRule, datagroup and virtual config attached.

  • Jose_Cruz The reason for this error is that your variable is entered incorrectly and should be $trustedAddresses, but you have $::trustedAddresses with the two : between the $ and the data-group name.

  • Hi Jose_Cruz,

    matchclass was deprecated in v10, and that iRule should instead look like this:

    when CLIENT_ACCEPTED priority 500 {
        if { [class match -- [IP::client_addr] equals trustedAddresses] } {
            # Logging is on; comment out the line below to turn it off.
            log local0. "Valid client IP: [IP::client_addr] - forwarding traffic"
            forward
        } else {
            # Logging is on; comment out the line below to turn it off.
            log local0. "Invalid client IP: [IP::client_addr] - discarding"
            discard
        }
    }

    Your data-group has the same value as the key; is this intended? Not sure what use that is. If you are not using values, you do not need to set them.
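
An added example, not part of the original thread and not F5's published iRule: a variant of the allow-list rule above that checks the data group exists before matching, so a missing or renamed data group produces an explicit log line and a discard. It assumes an address-type data group named trustedAddresses that is visible from the iRule's partition; the records shown in the comment are constructed sample entries with no values set.

```tcl
# Added example. Assumed data group (constructed sample records, keys only):
#   ltm data-group internal trustedAddresses {
#       records {
#           10.10.0.0/16 { }
#           192.0.2.25/32 { }
#       }
#       type ip
#   }
when CLIENT_ACCEPTED priority 500 {
    set client [IP::client_addr]

    # Fail closed with a clear log message if the data group cannot be found.
    if { ![class exists trustedAddresses] } {
        log local0.error "Data group trustedAddresses not found - discarding $client"
        discard
        return
    }

    # The data group is passed to class match by name, with no $ or $:: prefix.
    if { [class match -- $client equals trustedAddresses] } {
        log local0.info "Valid client IP: $client - forwarding traffic"
        forward
    } else {
        log local0.info "Invalid client IP: $client - discarding"
        discard
    }
}
```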