Help with iRule - Access Control Based on IP
I am trying to use the Access Control Based on IP iRule to restrict access to a virtual server.
However, when I apply the iRule the connection gets rejected and I see this in the logs (this is all in my lab):
TCL error: /jeclab/allowed_clients_2 <CLIENT_ACCEPTED> - can't read "::trustedAddresses": no such variable while executing "matchclass [IP::client_addr] equals $::trustedAddresses"
iRule, datagroup and virtual config attached.
Jose_Cruz, the reason for this error is that your variable is entered incorrectly. It should be $trustedAddresses, but you have $::trustedAddresses with the two : between the $ and the data-group name.
- JRahmAdmin
Hi Jose_Cruz,
matchclass was deprecated in v10, and that iRule should look like this instead:
```tcl
when CLIENT_ACCEPTED priority 500 {
    if { [class match -- [IP::client_addr] equals trustedAddresses] } {
        #Uncomment the line below to turn on logging.
        log local0. "Valid client IP: [IP::client_addr] - forwarding traffic"
        forward
    } else {
        #Uncomment the line below to turn on logging.
        log local0. "Invalid client IP: [IP::client_addr] - discarding"
        discard
    }
}
```
Your data-group has the same value as the key. Is this intended? Not sure what use that is. If you are not using values, you do not need to set them.