Forum Discussion
Michel_Lepage_5
Nimbostratus
Nimbostratusirule sequence of events
What is the sequence of events.
For example
Does HTTP_REQUEST happen before or after CLIENT_ACCEPTED
I need to allow access to a specific URI only to 2 specific IP addresses
I have this irule. Do I need to check the URI before or after
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 1ST_ADDRESS || [IP::addr [IP::client_addr] equals 2ND_ADDRESS] } {
log local0. "Valid client IP: [IP::client_addr] - forwarding traffic"
forward
}
else {
discard
log local0. "Invalid client IP: [IP::client_addr] - discarding"
}
}
Thank you your help
Michel
3 Replies
The HTTP event happens after the when Client_accepted. Truth is you can check then at the same time in the when HTTP_REQUEST. Something like below.
when HTTP_REQUEST { if { ! [[HTTP::uri] euqals "whatever"] && [class match [IP::client_addr] equals "localusers_dg" ] } { drop } }- JRahm
Admin
CLIENT_ACCEPTED fires immediately after the TCP handshake happens (for TCP obviously), HTTP_REQUEST fires when each GET/PUT/HEAD/POST/etc occurs, but after CLIENT_ACCEPTED. For things that only need to happen once in a connection (IP/TCP comparisons or logging) it makes sense to do that in CLIENT_ACCEPTED so they aren't evaluated for each http request within a connection. If you need that data for use within the http events, you can always set a variable if the context changes. - nitass
Employee
John and Jason have drawn a nice diagram below.
iRules HTTP Event Order Update
https://devcentral.f5.com/articles/irules-http-event-order-update.UinomW0-ZQI
