Forum Discussion

Parveez_70209
Nov 01, 2013

How to modify this iRule with HTTP_REQUEST replacing CLIENT_ACCEPTED

Kindly guide:

  1. To delete the CLIENT_ACCEPTED part and replace the same with HTTP_REQUEST and
  2. Also to remove the IP SEGMENT PART: 172.27.64.0/22
  3. Query: In case I keep CLIENT_ACCEPTED and use 0.0.0.0/32, will it be used for every segment?
  4. And in the same iRule, wanted to make use of default { HTTP::redirect https://[HTTP::host][HTTP::uri] }

when CLIENT_ACCEPTED {

if { [IP::addr [IP::client_addr] equals 172.27.64.0/22] } {
    snat automap
}

switch [TCP::local_port] {
    "5000"  {
        pool example_ems
    }
    "5005"  {
        pool example_ems
    }
    "5100"  {
        pool example_webvis
    }
    "5105"  {
        pool example_webvis
    }
    "5110"  {
        pool example_recall
    }
    "5115"  {
        pool example_recall
    }
    "5200"  {   
        pool example_recon
    }
    "5205"  {   
        pool example_recon
    }
    "5400"  {   
        pool example_hub
    }
    "5405"  {   
        pool example_hub
    }

    default {
        log local0.alert "[virtual name] [TCP::local_port] - No port match - TCP Reject"
        reject
    }
}

}

4 Replies

  • You should still be able to use the TCP::local_port command in the HTTP_REQUEST event, so:

    when HTTP_REQUEST {
        switch [TCP::local_port] {
            "5000"  {
                pool example_ems
            }
            "5005"  {
                pool example_ems
            }
            "5100"  {
                pool example_webvis
            }
            "5105"  {
                pool example_webvis
            }
            "5110"  {
                pool example_recall
            }
            "5115"  {
                pool example_recall
            }
            "5200"  {   
                pool example_recon
            }
            "5205"  {   
                pool example_recon
            }
            "5400"  {   
                pool example_hub
            }
            "5405"  {   
                pool example_hub
            }
            default {
                HTTP::redirect "https://[HTTP::host][HTTP::uri]"
            }
        }        
    }
    

    You could also save yourself the hassle of a complex iRule by using a data group:

    when HTTP_REQUEST {    
        if { [class match [TCP::local_port] equals my_datagroup] } {        
            pool [class match -value [TCP::local_port] equals my_datagroup]            
        } else {        
            HTTP::redirect "https://[HTTP::host][HTTP::uri]"            
        }        
    }    
    

    where "my_datagroup" is a string-based data group:

    5000 := example_ems
    5005 := example_ems
    5100 := example_webvis
    5105 := example_webvis
    5110 := example_recall
    5115 := example_recall
    5200 := example_recon
    5205 := example_recon
    5400 := example_hub
    
  • Hi Kevin,

    In case we wanted to keep CLIENT_ACCEPTED and if I put 0.0.0.0/32 (wanted to match everything) in place of 172.27.64.0/22, will it work?

    Original iRule:

    when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 172.27.64.0/22] }

    Planning:

    when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 0.0.0.0/32] }

  • Correct me if I'm wrong but 0.0.0.0/32 wouldn't be everything... it would be 0.0.0.0 specific right? Everything would be 0.0.0.0/0 I would have thought.
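
Added example (not part of the thread): the prefix-length question above, worked through in Python to show which clients each candidate network would select for `snat automap`. It assumes the iRule comparison masks both addresses in the usual CIDR way; the function names and the sample client addresses are constructed for illustration.

```python
import ipaddress


def mask_for(prefix_len: int) -> int:
    """32-bit IPv4 netmask for a prefix length: /0 -> 0x00000000, /32 -> 0xFFFFFFFF."""
    if not 0 <= prefix_len <= 32:
        raise ValueError(f"invalid IPv4 prefix length: {prefix_len}")
    return (0xFFFFFFFF << (32 - prefix_len)) & 0xFFFFFFFF


def matches(client: str, cidr: str) -> bool:
    """True when the client address, masked to the prefix length, equals the masked network."""
    network, _, prefix_len = cidr.partition("/")
    mask = mask_for(int(prefix_len) if prefix_len else 32)  # no "/len" means a single host
    client_bits = int(ipaddress.IPv4Address(client))
    network_bits = int(ipaddress.IPv4Address(network))
    return (client_bits & mask) == (network_bits & mask)


# Constructed sample clients: two inside 172.27.64.0/22, one just past it,
# one unrelated address, and the literal address 0.0.0.0.
CLIENTS = ["172.27.64.10", "172.27.67.254", "172.27.68.1", "10.1.2.3", "0.0.0.0"]

# The network from the original iRule, the planned replacement, and the
# replacement suggested in the last reply.
PREFIXES = ["172.27.64.0/22", "0.0.0.0/32", "0.0.0.0/0"]


def snat_table() -> dict:
    """For each prefix, the sample clients that would pass the address test."""
    return {prefix: [c for c in CLIENTS if matches(c, prefix)] for prefix in PREFIXES}


if __name__ == "__main__":
    for prefix, selected in snat_table().items():
        print(f"{prefix:<16} mask={mask_for(int(prefix.split('/')[1])):#010x} -> {selected}")
```

With a /32 mask every bit must match, so only the literal address 0.0.0.0 passes and real clients would never be SNATed; with /0 no bits are compared and every client passes.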