Pete_Paiva_7147
Oct 17, 2013

iRule redirect based on client IP address

Hi all,

Need some assistance creating an iRule based on traffic originating from 2 source IPs:

Source IP:

10.1.1.1

10.1.1.2

If traffic comes into an existing vip (10.100.100.100 - iRule applied on this vip) on either of those 2 source IPs, redirect to new vip (10.200.200.200).

Thanks!

5 Replies

  • Please try this:

    when HTTP_REQUEST {
        if { ( [IP::addr [IP::client_addr] equals 10.1.1.1] ) or ( [IP::addr [IP::client_addr] equals 10.1.1.2] ) } {
            HTTP::redirect "http://10.200.200.200"
        }
    }
    

    You could also source the IP information from an address-based data group and make your iRule much simpler:

    when HTTP_REQUEST {
        if { [class match [IP::client_addr] equals my_ip_dg] } {
            HTTP::redirect "http://10.200.200.200"
        }
    }
    

    where "my_ip_dg" is an address-based data group that can hold various IPs and IP subnets.

  • I created the iRule (using the first method above) and applied it to the existing vip, but it doesn't seem to be working as expected. Any suggestion on what to try next?

  • It's probably worth some debug logging:

    when HTTP_REQUEST {
        log local0. "Client: [IP::client_addr]"
        if { ( [IP::addr [IP::client_addr] equals 10.1.1.1] ) or ( [IP::addr [IP::client_addr] equals 10.1.1.2] ) } {
            log local0. "Redirecting"
            HTTP::redirect "http://10.200.200.200"
        } else {
            log local0. "Not redirecting"
        }
    }
    

    You can tail the LTM log from the management shell:

    tail -f /var/log/ltm
    

    Or watch it from the Logs section of the management GUI. I prefer the former.

  • Kevin,

    Problem solved, the logging helped. I had to add a %1 after the IP; I think it has something to do with the way the partitions were set up.

    Thanks again for the help!
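
The fix reported in the last reply, as an added example that is not part of the original thread: when the client address is logged with a `%<id>` suffix (for example `10.1.1.1%1`), a comparison against the bare address does not match. This sketch assumes that suffix form and strips it with `getfield` before comparing; the variable names `raw_addr` and `client_ip` are hypothetical.

```tcl
when HTTP_REQUEST {
    # Assumption: IP::client_addr may return "address%id" (e.g. "10.1.1.1%1"),
    # as seen in the debug log from the thread.
    set raw_addr [IP::client_addr]

    # getfield splits on "%" and returns field 1, the bare address.
    # An address without a suffix is returned unchanged.
    set client_ip [getfield $raw_addr "%" 1]

    # Log both forms so the comparison can be checked in /var/log/ltm.
    log local0. "Client raw: $raw_addr, compared as: $client_ip"

    if { ( [IP::addr $client_ip equals 10.1.1.1] ) or ( [IP::addr $client_ip equals 10.1.1.2] ) } {
        log local0. "Redirecting"
        HTTP::redirect "http://10.200.200.200"
    } else {
        log local0. "Not redirecting"
    }
}
```

Stripping the suffix makes the rule match these two addresses whatever suffix they arrive with; to limit the redirect to one suffix, compare against the suffixed form (`10.1.1.1%1`) as the last reply did.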