Forum Discussion

Nimbostratus

Feb 22, 2018

iRule assistance

I have an iRule in my environment that was not written by me. This iRule is supposed to block anyone from an external IP from reaching the "heartbeat" page of our web servers. It is written as such: ...

Cirrus

Feb 22, 2018

! is shorthand for "not", so yes any IP not in your datagroup will be blocked

For the extra page I'd consider using starts_with as it's more efficient than contains, and since you're doing a string tolower maybe set the lowercase path as a variable.

Something like this should do it

when HTTP_REQUEST { 
    set lcpath [string tolower [HTTP::path]]

    if { ($lcpath starts_with "/heartbeat") or ($lcpath starts_with "/health") } { 
    if { !([matchclass [IP::client_addr] equals private_net])} { 
     discard 
        }
     }
   }

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

iRule assistance

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

iRule causing requests to be duplicated (sometimes)

SSL Bridging and FQDN rewrite Policy

How can I get started with iCall

Checking for X-Forwarded-For against an Address Data-Group

After upgrading from PeopleTools 8.59.11 to 8.61.11 F5 APM is not rewriting the internal URLs

Related Content

Introducing the F5 AI Assistant for BIG-IP

iRule to assist with CVE-2022-22965 mitigation

Re: Welcome to the F5 BIG-IP Migration Assistant

Introducing AI Assistant for F5 Distributed Cloud, F5 NGINX One and BIG-IP

Requesting Assist with iRule Please

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS