Forum Discussion
Generally with iRules we want to target the most generic item first. Most of your clients will not be from that specific IP address. So to prevent your iRule from running unnecessary code for each request you should target that address first.
Because we can check the address at connection time this means we can decide whether to even run the HTTP code with event disable. This means we only perform the IP check once per connection instead of every single HTTP request in the original iRule. Then we run the HTTP code only if the address matches.
when CLIENT_ACCEPTED {
if {[IP::client_addr] ne "192.168.7.106"} { event HTTP_REQUEST disable }
}
when HTTP_REQUEST {
now this only runs if the IP address matched above
switch -glob [string tolower [HTTP::uri]] {
"/microsoft-server-activesync*" {
drop
}
}
}
See the event disable command https://devcentral.f5.com/wiki/iRules.event.ashx
This iRule checks for the IP address. If it does not match it disables the HTTP_REQUEST event. This means the subsequent code inside that event will never run.