Forum Discussion

Jose_Cruz's avatar
Jose_Cruz
Icon for Altostratus rankAltostratus
Mar 17, 2023

Help with iRule - Access Control Based on IP

I am trying to use Access Control Based on IP irule to restrict access to a virtual server.   However when i apply the iRule the connection gets rejected and i see this in the logs (this is all in ...
JRahm's avatar
JRahm
Icon for Admin rankAdmin
Mar 20, 2023

Hi Jose_Cruz,

matchclass was deprecated in v10, and that iRule should look like instead:

when CLIENT_ACCEPTED priority 500 {
    if { [class match -- [IP::client_addr] equals trustedAddresses] } {
        #Uncomment the line below to turn on logging.
        log local0. "Valid client IP: [IP::client_addr] - forwarding traffic"
        forward
    } else {
        #Uncomment the line below to turn on logging.
        log local0. "Invalid client IP: [IP::client_addr] - discarding"
        discard
    }
}

Your data-group has the same value as the key, is this intended? Not sure what use that is, if you are not using values, you do not need to set them.