For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rodney_Newton_7's avatar
Rodney_Newton_7
Icon for Nimbostratus rankNimbostratus
Oct 05, 2005

iRule Syntax

Can someone show me the equivalent syntax for the following 4.x iRule for version 9.x?

 

 

 

if (http_header("User-Agent") contains "test") {

 

use pool bot

 

}

 

else {

 

if (client_addr == 1.1.1.0 netmask 255.255.255.0) {

 

use pool test

 

}

 

else {

 

if (client_addr == 2.2.2.2) {

 

use pool test

 

}

 

else {

 

if (client_addr == 3.3.3.3) {

 

use pool test

 

}

 

else {

 

if (client_addr == 4.4.4.4) {

 

discard

 

}

 

else {

 

if (http_header("User-Agent") contains "test2") {

 

use pool test

 

}

 

else {

 

if (http_header("User-Agent") contains "test3") {

 

use pool test

 

}

 

else {

 

if (http_header("User-Agent") contains "test.test.com") {

 

use pool test

 

}

 

else {

 

use pool otherpool

 

}

 

}

 

}

 

}

 

}

 

}

 

}

 

}

 

application delivery
dev
devops
iRules

3 Replies

  • Joe_Pruitt's avatar
    Joe_Pruitt
    Oct 05, 2005
    A direct mapping would be something like this (using elseif's instead of nested if's):

    when HTTP_REQUEST {
  if { [HTTP::header "User-Agent"] contains "test" } {
    pool bot
  } elseif { [IP::addr "[IP::client_addr]/24" equals "1.1.1.0/24"] } {  
    pool test
  } elseif { [IP::addr "[IP::client_addr]" equals "2.2.2.2"] } {
    pool test
  } elseif { [IP::addr "[IP::client_addr]" equals "3.3.3.3"] } {
    pool test
  } elseif { [IP::addr "[IP::client_addr]" equals "4.4.4.4"] } {
    discard
  } elseif { [HTTP::header "User-Agent"] contains "test2" } {
    pool test
  } elseif { [HTTP::header "User-Agent"] contains "test3" } {
    pool test
  } elseif { [HTTP::header "User-Agent"] contains "test.test.com" } {
    pool test
  } else {
    pool otherpool
  }
}

    You could probably optimize this a bit by using data groups in combination with the matchclass command to combine a couple of those elseif's into a single. Right now the rule isn't too long, but if there were more User-Agent conditions tested all resulting in the same pool command then a matchclass approach might be more manageable.

    -Joe
  • Rodney_Newton_7's avatar
    Rodney_Newton_7
    Icon for Nimbostratus rankNimbostratus
    Oct 05, 2005
    Thanks Joe...

     

     

    so this would be the correct syntax using a data group named fc_subnet?

     

     

    elseif { [matchclass [IP::client_addr] equals [$::fc_subnet]] }

     

    {pool www_pool}

     

     

    in this example fc_subnet = a /27 network. Do I need the /27 in the [IP:client_addr] argument as well?

     

     

    Thanks again
  • Joe_Pruitt's avatar
    Joe_Pruitt
    Oct 19, 2005
    This looks good but you might want to check out this thread for some version specific issues with matchclass and netmasks.

     

     

    http://devcentral.f5.com/Default.aspx?tabid=28&view=topic&forumid=5&postid=1235

     

    Click here

     

     

    -Joe