For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Javier_124486's avatar
Javier_124486
Icon for Nimbostratus rankNimbostratus
Sep 30, 2017

iRule and Datagroup with multiple conditions

Hello, I am trying to create an iRule to drop traffic without using ASM, only LTM. I have four sets of conditions, two of then kind of nested, to execute the drop. "Basically" i have Datagroup ONE...
application delivery
LTM
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Oct 03, 2017

Hi,

the better solution is not to create 4 data groups but only 2 containing action in value.

  • specific_uri with values:
    • /uri1 := allow
    • /uri2 := deny
    • /uri3 := allow
  • wildcard_uri with values:
    • /uri4/ := allow
    • /uri5/ := deny
    • /uri6/ := allow

then use this irule:

when HTTP_REQUEST {
    if {[set policy_status [class match -value [HTTP::uri] equals specific_uri]] equals ""} {
        set policy_status [class match -value [HTTP::uri] starts_with wildcard_uri]
    }
    switch $policy_status {
        "allow" {
             do nothing
        }
        "deny" {
            HTTP::respond 200 content {Request denied}
        }
        default {
             what is the default value
        }
    }
}