IP and HTTP Events iRule

What I would look at doing is in the CLIENT_CONNECTED event have a data group with IP:clientID. When the IP is looked up the value returned is the clientID. Then in the HTTP_REQUEST you can turn the clientID that was returned in the CLIENT_CONNECTED to be the datagroup name for all the URI the client can connect to.

 

This will still require one look up per HTTP Request but it would cut down the IP lookup and make the iRule easier to maintain as all you would need to do is create one Data group per customer with the sane name as the clientID in the IP lookup. Just a thought.

 

what version are you running? source address virtual server configuration is introduced in 11.3.0. it may be useful.

 

sol14800: Order of precedence for virtual server matching (11.3.0 and later)

 

http://support.f5.com/kb/en-us/solutions/public/14000/800/sol14800.html

 

and starting from 9.4.4, $:: prefix is no longer required to reference class. class is now cmp compatible.

 

CMP Compatibility

 

https://devcentral.f5.com/wiki/iRules.cmpcompatibility.ashx

 

I did this awhile ago. Here is the best way to do this Your prefix URI's below are /xl and /ce. The source IP list that secure each customers prefix URI's go into the acl datagroup objects as address type

when HTTP_REQUEST {
   switch -glob [URI::decode [string tolower [HTTP::uri]]] {
      /xl* { if { ([class match [IP::remote_addr] equals $::xl_acl]) } { return } }
      /ce* { if { ([class match [IP::remote_addr] equals $::ce_acl]) } { return } } 

      default {
         discard
      }
   }
}