Forum Discussion
ryank5589
Nimbostratus
NimbostratusiRule expressions for not-eqauls in datagroup
Hey all, I am looking to create an irule to match a uri and datagroup list (IP address in datagroup) to send to the pool, then if it matches the same uri and it doesn't match the ip address in...
ryank5589Nimbostratus
Nimbostratuscjunior, sorry if I didn't explain it well. Based on your input I was able to create a policy to NOT match the IP's in the class match, which seems to have solved my current issue.
when HTTP_REQUEST {
if { ([HTTP::uri] equals"/logon/java") && ([class match [IP::client_addr] equals JAVA_Networks]) } {
pool pool_java_uri_443
} else {
if { ([HTTP::uri] equals"/logon/java" ) && ( not [class match [IP::client_addr] equals JAVA_Networks]) } {
HTTP::redirect https://externalpage.com/notjava
}
}
}
cjuniorNacreous
OK buddy.
This rule you wrote has exactly same condition check that I sent you before, but, your version is heavier to process when client address is not in JAVA_Networks data group.
See, you are running "class match" again in case of uri matches that path and IP isn't in group on first check.
I'm not supposed to tell what version is better or correct to you.
It is just to you understand that my code is optimized and have same final behavior in better performance, right?
Describing that lines:
Your code:
1a) If URI equals /logon/java and also IP is in Group ?
Goto the pool
2a) Else if URI equals /logon/java and also IP is not in Group ?
Redirect
3a) None alternative above? ("Else" implicit on code)
Go ahead
Mine:
If URI equals /logon/java ? (It covers first check for 1a and 2a conditions)
So, IP is in Group ? (Run class match and return is True or False / Matches 1a when True)
Goto the pool
Else (Matches 2a / No need to run class match as it is obviously false)
Redirect
None alternative above? (Same as 3a)
Go ahead
Am I wrong? Did I forget something?
Kind regards.