iRule redirect based on client IP address

Question

Hi all,&nbsp;
Need some assistance creating an iRule based on traffic originating from 2 source IP's:&nbsp;
Source IP:&nbsp;
10.1.1.1&nbsp;
10.1.1.2&nbsp;
If traffic comes into an existing vip (10.100.100.100 - iRule applied on this vip) on either of those 2 source IP's, redirect to new vip (10.200.200.200).&nbsp;
Thanks!&nbsp;

kevin_stewart · Answer

It's probably worth some debug logging:
when HTTP_REQUEST {
    log local0. "Client: [IP::client_addr]"
    if { ( [IP::addr [IP::client_addr] equals 10.1.1.1] ) or ( [IP::addr [IP::client_addr] equals 10.1.1.2] ) } {
        log local0. "Redirecting"
        HTTP::redirect "http://10.200.200.200"
    } else {
        log local0. "Not redirecting"
    }
}

You can tail the LTM log from the management shell:
tail -f /var/log/ltm

Or watch it from the Logs section of the management GUI. I prefer the former.

kevin_stewart · Answer

Please try this:
when HTTP_REQUEST {
    if { ( [IP::addr [IP::client_addr] equals 10.1.1.1] ) or ( [IP::addr [IP::client_addr] equals 10.1.1.2] ) } {
        HTTP::redirect "http://10.200.200.200"
    }
}

You could also source the IP information from an address-based data group and make your iRule much simpler:
when HTTP_REQUEST {
    if { [class match [IP::client_addr] equals my_ip_dg] } {
        HTTP::redirect "http://10.200.200.200"
    }
}

where "my_ip_dg" is an address-based data group that can hold various IPs and IP subnets.

pete_paiva_7147 · Answer

I created the iRule (using first method above) applied it to the existing vip but it doesn't seem to be working as expected.  Any suggestion on what to try next?&nbsp;

pete_paiva_7147 · Answer

Kevin,&nbsp;
Problem solved, the logging helped.  I had to add a %1 after the IP, I think it has something to do with the way the partitions were set up.&nbsp;
Thanks again for the help!&nbsp;

allanwynn_16283 · Answer

how about when based on client's network address not with certain ip?&nbsp;

Forum Discussion

iRule redirect based on client IP address

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

F5 HTTPS Redirect 2025

F5 BIG-IP deployment with Red Hat OpenShift - keeping client IP addresses and egress flows

APM custom address space by client IP?

Filtering traffic based on client ip address and URL

Restricting Access to Virtual from client IP address in X-Forwarder-For HTTP header