Forum Discussion
Stan_Hurton_111
Nimbostratus
NimbostratusIrule broken after upgrade from v9.x to v10.0.1
We had an Irule validating a group with a list of approved IP addresses, but the rule stopped working after upgrading to v10.0.1
The 10.0.1 version doesn't complain about the syntax, the rule just stopped working and blocks every IP.
Here is the rule as it worked in v9.x:
when CLIENT_ACCEPTED {
if {$::WSAnonAddresses contains [IP::client_addr]} {
pool WSAnon}
else {
discard}
}
Does anyone know what the problem may be?
hoolioCirrostratus
Hi,
Sorry to hear that the rule took down the VIP. I wonder if your iRule would have been converted automatically if you'd been using 'matchclass [IP::client_addr] equals $::WSAnonAddresses' to evaluate the client IP address against the datagroup. What you have would have done a less efficient string comparison in 9.x. I haven't tested this in an upgrade before. In general, it's a good idea to do full regression testing of your iRules in a dev environment when upgrading to a new feature release.
To fix this, try replacing the contains expression with the new class command (Click here):
Replace this:
if {$::WSAnonAddresses contains [IP::client_addr]} {
with this:
if {[class match [IP::client_addr] equals WSAnonAddresses]}{
where WSAnonAddresses is an address type datagroup.
Aaron