Forum Discussion

CGI's avatar
CGI
Icon for Altostratus rankAltostratus
May 08, 2011

Irule and Bigip Health

Hi i have a irule that i recieved help with from the forum (thanks again), now when i was running the Ihealth tool, it drew my attention

to a problem when using http::respond when at the same time using ASM. (which we do, the problem is documented in sol11143)

 

Now iam a extreme begineer with irules, so i chose the option to disable ASM before and enable at the start of the irule instead.

 

Would this work ? or is there a better alternative ?

 

Also how can i log the execution of the irule, to see that the ASM is in fact disabled and then enabled again.

 

 

 

The irule in question is below:-

 

 

 

 

 

 

when CLIENT_ACCEPTED {

 

ASM::enable

 

if {([class match [whereis [IP::client_addr] country] eq allowed_country] or [class match [IP::client_addr] eq allowed_ip])} {

 

set allowed 1 }

 

else { set allowed 0 }}

 

 

 

when HTTP_REQUEST {

 

if { $allowed eq 1 } {

 

Uncomment the line below to turn on logging.

 

log local0. "Valid client IP: [IP::client_addr]"

 

}

 

else {

 

ASM::disable

 

HTTP::respond 403 content "The country or IP is not allowed to access this site"

 

log local0. "Blocked Country client IP: [IP::client_addr] from [whereis [IP::client_addr] country]" } }

 

 

 

 

Any thanks for the great help i have recieved and the patience exhibited with the newbies like me.

 

 

 

Regards Craig

 

application delivery
dev
devops
iRules

1 Reply

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    May 09, 2011
    Hi Craig,

     

     

    Your iRule is not a serverside rule, so you should be fine with what you have. And you're disabling ASM anyhow, so even if you were liable to hit the issue in ID 221949, disabling ASM in the rule should avoid it.

     

     

    Aaron