Forum Discussion
Shawn_Puckett_8
Nimbostratus
Jan 26, 2006
IP blocking and URI Redirect
We need two rules to be validated before a user is sent to a pool, first we need to make sure they are coming from an allowed IP, then we need to see if they want to go to a specific server via the UR...
Jan 26, 2006
I would throw in some logging to find out where the rule is not behaving as you would expect.
For each logic path in your rule, throw in a log statement and look in the /var/log/ltm file for the output.
when HTTP_REQUEST {
    # Allow-list check first: only listed client addresses get routed
    if { [matchclass [IP::client_addr] eq $::allowed_client_IP] } {
        log local0. "address [IP::client_addr] found in allowed_client_IP list"
        # Then pick the pool from the URI
        if { [HTTP::uri] contains "qatest01" } {
            log local0. "Found qatest01 in uri '[HTTP::uri]'"
            use pool QATest01-Port80
        } elseif { [HTTP::uri] contains "qatest02" } {
            log local0. "Found qatest02 in uri '[HTTP::uri]'"
            use pool QATest02-Port80
        } else {
            log local0. "Didn't find a match in uri '[HTTP::uri]'"
            use pool QATest01-02-Port80
        }
    } else {
        # Any other client address is rejected
        log local0. "address [IP::client_addr] not found in allowed_client_IP list"
        reject
    }
}
This should lead you to where the problem lies.
As for the HTTPS to HTTP, that shouldn't be a problem as long as you are terminating the SSL connection and not re-encrypting it to the backend (which I'm sure it is if your first rule works).
-Joe
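
Added example (not part of the original reply): a small Python summarizer for the messages this rule writes to /var/log/ltm, counting which branch each request took and which client addresses were rejected. The syslog prefix and the rule name "qa_routing" in the sample lines are assumptions; each message is matched from its start because the logged URI is request-controlled text.

```python
import re
import ipaddress
from collections import Counter

# Constructed sample lines. The syslog prefix and the rule name "qa_routing"
# are assumptions; only the message texts come from the rule above.
SAMPLE_LTM = """\
Jan 26 10:15:01 tmm tmm[1719]: Rule qa_routing <HTTP_REQUEST>: address 10.1.1.5 found in allowed_client_IP list
Jan 26 10:15:01 tmm tmm[1719]: Rule qa_routing <HTTP_REQUEST>: Found qatest01 in uri '/qatest01/index.html'
Jan 26 10:15:04 tmm tmm[1719]: Rule qa_routing <HTTP_REQUEST>: address 192.0.2.77 not found in allowed_client_IP list
Jan 26 10:15:09 tmm tmm[1719]: Rule qa_routing <HTTP_REQUEST>: address 10.1.1.5 found in allowed_client_IP list
Jan 26 10:15:09 tmm tmm[1719]: Rule qa_routing <HTTP_REQUEST>: Didn't find a match in uri '/x?address 203.0.113.9 not found in allowed_client_IP list'
Jan 26 10:15:12 tmm tmm[1719]: Rule qa_routing <HTTP_REQUEST>: address 192.0.2.77 not found in allowed_client_IP list
"""

MARKER = "<HTTP_REQUEST>: "
ADDR = re.compile(r"address (\S+) (found|not found) in allowed_client_IP list$")
URI = re.compile(r"(Found (qatest0[12]) in uri|Didn't find a match in uri) '")

def summarize(text):
    """Count branches taken and rejected client addresses."""
    branches, rejected = Counter(), Counter()
    for line in text.splitlines():
        # Split at the FIRST marker: everything after it is the rule's message,
        # and the URI inside it is request-controlled, so match from the start.
        _, found, msg = line.partition(MARKER)
        if not found:
            continue
        m = ADDR.match(msg)
        if m:
            try:
                ip = str(ipaddress.ip_address(m.group(1)))
            except ValueError:
                continue  # not a parseable address, ignore the line
            if m.group(2) == "found":
                branches["allowed"] += 1
            else:
                branches["rejected"] += 1
                rejected[ip] += 1
            continue
        m = URI.match(msg)
        if m:
            branches[m.group(2) or "default"] += 1
    return branches, rejected
```

On the sample, the fifth line counts as a default-pool request only; the address text inside its URI is not counted as a rejection.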