For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

F5user13_129592's avatar
F5user13_129592
Icon for Nimbostratus rankNimbostratus
Jun 03, 2018

iRULE execution order with data groups

Hello,   I have an iRULE like the one below, what would be the outcome if user with ip 192.168.168.168 accessed http://testserver2.abc.com   when HTTP_REQUEST{ switch -glob[string tolower [HTTP...
application delivery
BIG-IP
iRules
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
Jun 04, 2018

Hi,

First of you have this condition:

switch -glob [string tolower [HTTP:host]]{ 
    testserver1.abc.com{pool testserver1} 
    testserver2.abc.com {pool testserver2} 
}

Depending the hostname that you enter, you will FW to a specific pool

  • if hostname is testserver1.abc.com, you will forward to pool testserver1
  • if hostname is testserver2.abc.com, you will forward to pool testserver3

Then you have an additional condition:

if { [class match [IP:client_addr] equals external_users]} { 
    pool testserver3 
}

If you source IP is contain in the DG external_users as it happens "192.168.168.0/24" you will forward to pool testserver3.

In your case you enter the followin url http://testserver2.abc.com with source IP 192.168.168.168.

  • So you will match first condition an your pool is set to testserver2
  • but you match second condition due to your source IP and your pool it is finally configured to testserver3

Regards