Forum Discussion
Leonjsr_323498
Nimbostratus
NimbostratusHelp with irule ip whitelist for uri
Hi, when I use this config, I get two errors associated with line 6,
error: [undefined procedure: and][and]
error: [undefined procedure: not][not]
`
I am trying to allow anyone access to mouse-anet.abc.com but restrict access to an address data group list for this link "mous-anet.123.com/cgi-bin/dfkiosk.ph". I tried a few variation of this config, but they seem to block everything to mous-anet.123.com.
`when HTTP_REQUEST {
if { [HTTP::header "Host"] starts_with "mous.123.com" } {
snatpool mous_SNAT
node 172.21.1.157 80
} elseif { [HTTP::header "Host"] starts_with "mous-anet.123.com" } {
if { [string tolower [HTTP::uri]] equals "/cgi-bin/dfkiosk.ph" } and not { [class match [IP::client_addr] equals mouse-anetDEV-Restricted } {
drop
} else {
snatpool mous_SNAT
node 172.21.1.161 80
}
} elseif { [HTTP::header "Host"] starts_with "mousrf-anet.123.com" } {
snatpool mous_SNAT
node 172.21.1.159 80
}
}
Does anything seem off? Appreciate any help. Thanks
Jad_Tabbara__J1Cirrostratus
Hello Leon,
Please try the following irule, I've corrected the syntax.
when HTTP_REQUEST { set host [string tolower [HTTP::header "Host"]] if { $host starts_with "mous.123.com" } { snatpool mous_SNAT node 172.21.1.157 80 } elseif { $host starts_with "mous-anet.123.com" } { if { ([string tolower [HTTP::uri]] equals "/cgi-bin/dfkiosk.ph") and not ([class match [IP::client_addr] equals "mouse-anetDEV-Restricted"])} { drop } else { snatpool mous_SNAT node 172.21.1.161 80 } } elseif { $host starts_with "mousrf-anet.123.com" } { snatpool mous_SNAT node 172.21.1.159 80 } }Waiting for you feedback
Regards