
msaunders
Jul 26, 2017

If not path1 or path2 irule issue

Having a tough time with if/or. Any help is appreciated!!! This is close, but not working:

When the request is from a public IP, if the path is not /carinfoapi_usertest or /carinfoapi_dev, drop the packets; otherwise, allow any path.

    when HTTP_REQUEST {
        switch -glob -- [string tolower [HTTP::host]] {
            "host.domain.com" {
                # Client address is not in the private_net data group (public IP)
                if { ! ([class match [IP::client_addr] equals private_net]) } {
                    # Path test as posted in the question
                    if { ! ( [string tolower [HTTP::path]] starts_with "/carinfoapi_dev" || "/carinfoapi_usertest" ) } {
                        reject
                    } else {
                        pool host.domain.com_pool
                    }
                } else {
                    pool host.domain.com_pool
                }
                return
            }
        }
    }

1 Reply

  • Figured it out. For some reason, the nested 'if' was causing an issue. Combining into one statement works:

     

    when HTTP_REQUEST {
        switch -glob -- [string tolower [HTTP::host]] {
            "host.domain.com" {
                # Reject only when the client is public AND the path is outside both prefixes
                if { ! ([class match [IP::client_addr] equals private_net]) && ! ([string tolower [HTTP::path]] starts_with "/carinfoapi_dev" || [string tolower [HTTP::path]] starts_with "/carinfoapi_usertest") } {
                    reject
                } else {
                    pool host.domain.com_pool
                }
                return
            }
        }
    }
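
The same policy written with early returns and a `switch -glob` on the path, as an added example that is not from the thread. It reuses the thread's names (`host.domain.com`, `private_net`, `host.domain.com_pool`) and assumes the two allowed paths are whole path segments, so it matches `/carinfoapi_dev` and `/carinfoapi_dev/...` but not a longer name that merely shares the prefix, which `starts_with` would also let through.

```tcl
# Added example (not the poster's code). Assumption: the allowed paths are
# complete path segments, so each is matched exactly or followed by "/".
when HTTP_REQUEST {
    # Only this host is restricted; requests for other hosts are left alone.
    if { [string tolower [HTTP::host]] ne "host.domain.com" } {
        return
    }

    # Clients in the private_net data group may request any path.
    if { [class match [IP::client_addr] equals private_net] } {
        pool host.domain.com_pool
        return
    }

    # Public clients: allow the two API paths, reject everything else.
    # Each pattern is listed on its own, so every alternative is a full
    # comparison against the lower-cased request path.
    set path [string tolower [HTTP::path]]
    switch -glob -- $path {
        "/carinfoapi_dev" -
        "/carinfoapi_dev/*" -
        "/carinfoapi_usertest" -
        "/carinfoapi_usertest/*" {
            pool host.domain.com_pool
        }
        default {
            reject
        }
    }
}
```

Listing one pattern per line also rules out the `... starts_with "/carinfoapi_dev" || "/carinfoapi_usertest"` form, in which the second string is a bare operand that is never compared against the path.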