Forum Discussion
irule that block host to all ip address except specific ip
Hello,
I need an iRule that blocks access to some URLs for all IP addresses except a specific IP. I wrote the iRule and succeeded in blocking the URL, but the problem is that the iRule blocks access for all IP addresses, and I need access from 10.10.10.10.
when HTTP_REQUEST {
    if { [string tolower [HTTP::host]] starts_with "test1.technion.ac.il" ||
         [HTTP::host] starts_with "test2.technion.ac.il" ||
         [HTTP::host] starts_with "test3.technion.ac.il" ||
         [HTTP::host] starts_with "test4.technion.ac.il" and
         [IP::addr[IP::remote_addr] not equals 10.10.10.10/255.255.255.255] } then {
        HTTP::respond 404 "Not Found" "Connection" "close"
        log local0. "This Connetion blocked By iRule My-iRule"
    }
}
Any suggestions?
Regards Rafi
15 Replies
- Faruk_AYDIN
Altostratus
Hi Guy,
You missed parentheses in the if statement. The correct version of your iRule is:
when HTTP_REQUEST {
    if { ([string tolower [HTTP::host]] starts_with "test1.technion.ac.il" ||
          [HTTP::host] starts_with "test2.technion.ac.il" ||
          [HTTP::host] starts_with "test3.technion.ac.il" ||
          [HTTP::host] starts_with "test4.technion.ac.il") and
         not [IP::addr [IP::remote_addr] equals 10.10.10.10/255.255.255.255] } {
        HTTP::respond 404 "Not Found" "Connection" "close"
        log local0. "This Connetion blocked By iRule My-iRule"
    }
}
- Lee_Sutcliffe
Nacreous
You could simplify the logic by placing the different host headers into a datagroup:
**DATAGROUP**

ltm data-group internal host_dg {
    records {
        test1.technion.ac.il {}
        test2.technion.ac.il {}
        test3.technion.ac.il {}
        test4.technion.ac.il {}
    }
    type string
}

**iRULE**

when HTTP_REQUEST {
    if {([class match [HTTP::host] starts_with host_dg]) && ([IP::addr [IP::remote_addr] equals 10.10.10.10/255.255.255.255])} {
        HTTP::respond 404 "Not Found" "Connection" "close"
        log local0. "This Connetion blocked By iRule My-iRule"
    }
}
- Nandhini_Natara
Nimbostratus
Hello Rafish,
Please try the below irule
when HTTP_REQUEST {
    set low_host [string tolower [HTTP::host]]
    if {(( $low_host starts_with "test1.technion.ac.il" ) || ( $low_host starts_with "test2.technion.ac.il" ) || ( $low_host starts_with "test3.technion.ac.il" ) || ( $low_host starts_with "test4.technion.ac.il" ) ) && ( [IP::addr [IP::client_addr] equals 10.10.10.10] )} {
        HTTP::respond 404 content "Blocked by irule"
        log local0. "$low_host traffic has come from blocked subnet"
    }
}
I also got the same error, and then I added a space between IP::addr and [IP::client_addr]. After that, the iRule was working fine. You can also try adding a space between IP::addr and [IP::client_addr].
- Rafish_129330
Nimbostratus
Hello,
Thank you very much.
The space solved the problem :)
Now how can I add more IPs to IP::addr and [IP::client_addr]?
Regards
- Nandhini_Natara
Nimbostratus
Hello,
You can use [IP::addr [IP::remote_addr] equals ipaddress with mask] in this format.
Eg:
[IP::addr [IP::remote_addr] equals 10.10.10.0/24]
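
For the follow-up about allowing more than one address, one approach is an address-type data group checked with `class match`, shown here as an added example that is not from any poster in the thread. The data-group name `allowed_clients_dg` and its second record are assumptions; `host_dg` is the string data group from the reply above. The rule blocks the listed hosts for every client except those in the address data group, which is the behaviour the original question asks for.

```tcl
# Assumed address data group (tmsh configuration, shown as a comment so the
# block stays a single iRule). Add one record per allowed host or subnet.
#
#   ltm data-group internal allowed_clients_dg {
#       records {
#           10.10.10.10/32 { }
#           10.10.20.0/24 { }
#       }
#       type ip
#   }
#
# host_dg is the string data group holding the protected host names.

when HTTP_REQUEST {
    # Host headers are case-insensitive, so normalise before matching.
    set host [string tolower [HTTP::host]]

    # starts_with also matches "name:port" forms of the Host header.
    set protected_host [class match $host starts_with host_dg]

    # True when the client address falls inside any record of the data group.
    set allowed_client [class match [IP::client_addr] equals allowed_clients_dg]

    # Block only when the host is protected AND the client is not on the list.
    if { $protected_host && !$allowed_client } {
        log local0. "Blocked [IP::client_addr] requesting $host"
        HTTP::respond 404 content "Not Found" "Connection" "close"
    }
}
```

Because the check is "protected host and not an allowed client", a client missing from the data group is denied by default, and adding an address later is a data-group change rather than an iRule edit.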