Forum Discussion

Joe_Clark_45172
Mar 07, 2013

iRule for source IP addresses

I am very new to iRules.

I need some help creating an iRule to make HTTP redirect based on the source IP address.

when CLIENT_ACCEPTED {
if {([IP::addr [IP::client_addr] equals 10.70.64.0/20]
HTTP Redirect
{
HTTP::redirect https://10.70.162.59
}
}

This is the setup that I am trying to do, but it is not getting configured correctly. Has anyone worked on something like this?

Thank you

  • Hi Joe,

    An HTTP::redirect is not valid in the CLIENT_ACCEPTED Event. You may want to consider moving to the HTTP_REQUEST Event.

     
    when HTTP_REQUEST {
        if { [IP::addr [IP::client_addr] equals 10.70.64.0/20] } {
            HTTP::redirect https://10.70.162.59
        }
    }
    
  • Ok, I need to add more detail to my issue:

    This is a connection for a new VMware View 5.1 Environment built on an iApp.

    This is connecting to an external IP address that is sent to the VIP in our DMZ to connect to Security Servers. The security servers proxy the connection into the Internal VIP for the connection servers.

    This works fine externally. Where we are having issues is when people are on our Guest wireless network, which is another DMZ. When the users connect to the security servers, they can log in, but can't connect to the View Desktop. We are thinking that this comes from the fact that we don't allow "hair-pinning" on the firewall, so I am looking at a URL rewrite for the users in the Guest wireless DMZ.

    So, when a user connects from external, the security servers send a URL for the client to connect to. I need that URL rewritten when sent to the clients.

    So the user connects to the Guest network.

    Those users are on a 10.0.0.0/20 network

    The URL External is 208.1.1.1

    The URL Internal is 10.0.0.10

    This is what I have been looking at:

    when HTTP_REQUEST {
    if { ({HTTP::host eq "208.1.1.1" and [IP::addr[IP::client_addr] equals 10.0.0.0/20]}{
    HTTP::redirect "10.0.0.10"
    }}

    Does this make sense?

     

  • if { ({HTTP::host eq "208.1.1.1" and [IP::addr[IP::client_addr] equals 10.0.0.0/20]}{

    HTTP::host should be enclosed in brackets, i.e. [HTTP::host]

    HTTP::redirect "10.0.0.10"

    I think it should look like the one Michael suggested, e.g. HTTP::redirect "https://10.0.0.10/", HTTP::redirect "https://10.0.0.10[HTTP::uri]"

    Anyway, I never used VMware View, but I feel it might not be right. Have you tried to run tcpdump/ssldump to see what is going on indeed?

    Just my 2 cents
  • I could be mistaken here, but when the user tries to connect to a remote desktop, the security server sends a small piece of XML data to the View client. At the point that the View client attempts to connect, I don't think it's HTTP anymore, or rather not sure the View client can handle a redirect. If that's true, then I think your best bet is to rewrite that XML on its way to the client.
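
The corrections from the third reply above (bracketed [HTTP::host], a space after IP::addr, a full https:// URL in the redirect), assembled into one iRule. This is an added example, not code from any of the posters; the port stripping with getfield and the log line are additions that assume the client may send a Host header with a port and that local0 logging is acceptable while testing.

```tcl
when HTTP_REQUEST {
    # HTTP::host can carry a port ("208.1.1.1:443"); compare the host part only.
    set host [getfield [HTTP::host] ":" 1]

    # Commands must sit in square brackets to be evaluated, and IP::addr
    # needs a space before its first argument.
    if { $host eq "208.1.1.1" and [IP::addr [IP::client_addr] equals 10.0.0.0/20] } {
        # Record the decision so the match can be confirmed in /var/log/ltm.
        log local0. "Guest client [IP::client_addr] redirected from $host"

        # A redirect needs a full URL; appending HTTP::uri keeps path and query.
        HTTP::redirect "https://10.0.0.10[HTTP::uri]"
    }
}
```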