For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Tyranon_113005's avatar
Tyranon_113005
Icon for Nimbostratus rankNimbostratus
Sep 18, 2018

How iRule works when a persistence adapted?

I want the HTTP access depend on uri and IPaddress.(LTM version 11.5.1) For specific client ipaddress(data group list CCclient), I want it access to poolB, others to poolA or 404 resopond. But mayb...
devops
LTM
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Sep 18, 2018

You maybe have some conflicting logic here. At the very least I'd suggest inserting some logging to see how things are really being handled.

when HTTP_REQUEST {
    if { [HTTP::header exists "X-True-IP"] } {
        set clientip [HTTP::header "X-True-IP"]
    } else {
        set clientip [IP::client_addr]
    }
    set uri [string tolower [HTTP::uri]]
    if { $uri contains "/test.xml" } then {
        if { ( [class match $clientip equals CCclient] ) } then {
            log local0. "uri contains /text.xml - sending to pool B"
            pool B
        } else {
            log local0. "sending 404 response"
            HTTP::respond 404 content "404 File Not Found"
        }
    }
    if { $uri contains "ref=trust" } {
        log local0. "uri contains ref=trust - sending to pool B"
        pool B
    } else {
        log local0. uri doesn't contain ref=trust - sending to pool A"
        pool A
    }
}

So basically, for it to go to pool B, the request URI has to contain "/test.xml" AND "ref=trust", and the IP has to be in the data group.

Related Content