Forum Discussion
iRule that checks client IP and sends to a pool.
I have a case where a Mulesoft private IP address cannot use the FQDN and must use the IP address of the F5 LTM VIP as the host name. I need to limit this access to only IP addresses for the Mulesoft subnet. Here is what I have, but it is not working at this time. I can accept the request if I remove the checking for client IP.
#DA7POLBACORE-TEST-iRule_CONE_Mulesoft_Non-Prod_VPC_Exclude_ver5
when HTTP_REQUEST {
    if { ([HTTP::host] equals "testwebsiteadminservice.tcbna.net") } {
        if { [class match [IP::client_addr] equals Mulesoft_Non-Prod_VPC] } {
            pool DA7POLBACORE-TEST-Pool-1135-OLB-CONE_8444
        }
    }
    if { ([HTTP::host] equals "10.144.112.71") } {
        if { [class match [IP::client_addr] equals Mulesoft_Non-Prod_VPC] } {
            pool DA7POLBACORE-TEST-Pool-1135-OLB-CONE_8444
        }
        if { [class match [IP::client_addr] equals Mulesoft_Non-Prod_VPC] } {
            reject
        }
    }
}
- Kevin_Stewart (Employee)
Try this:
when HTTP_REQUEST {
    switch [HTTP::host] {
        "testwebsiteadminservice.tcbna.net" -
        "10.144.112.71" {
            if { [class match [IP::client_addr] equals Mulesoft_Non-Prod_VPC] } {
                pool DA7POLBACORE-TEST-Pool-1135-OLB-CONE_8444
            }
        }
        default {
            reject
        }
    }
}
Also, if the source addresses are in a single contiguous subnet, you could actually just define this subnet in the Source Address field of the VIP.
- Sajid (Cirrostratus)
An effortless way to achieve your requirement.
Data Group List defined under iRule >
when HTTP_REQUEST {
    if { ( [class match [IP::client_addr] equals access_list]) } {
        pool node_test1_pool
    } else {
        pool node_test2_pool
    }
}
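
An added example (not code from any poster in this thread) for the requirement in the original question: the allow and deny decisions sit in separate branches of one if/else, so a matching client can never be both sent to the pool and rejected, and every rejection is logged for verification. It assumes Mulesoft_Non-Prod_VPC is an Address-type data group containing the Mulesoft subnet, that non-Mulesoft clients should be rejected for both host names, and that the Host header may arrive with a port suffix.

```tcl
# Added example. Host names, pool and data group names are the ones quoted in
# the thread; the port handling and logging are assumptions of this example.
when HTTP_REQUEST {
    # A client may send "host:port" in the Host header, which would not equal
    # the bare host name. Compare only the host part, in lower case.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    switch -- $host {
        "testwebsiteadminservice.tcbna.net" -
        "10.144.112.71" {
            # class match against an Address-type data group matches the
            # client IP against each subnet or host entry in the group.
            if { [class match [IP::client_addr] equals Mulesoft_Non-Prod_VPC] } {
                pool DA7POLBACORE-TEST-Pool-1135-OLB-CONE_8444
            } else {
                # Deny branch: only reached when the client is NOT in the group.
                log local0.notice "[virtual name]: rejected [IP::client_addr], not in Mulesoft_Non-Prod_VPC (host $host)"
                reject
            }
        }
        default {
            # Any other Host header value is refused outright.
            log local0.notice "[virtual name]: rejected [IP::client_addr], unexpected host $host"
            reject
        }
    }
}
```

The log lines land in /var/log/ltm, which makes it easy to confirm which branch a test request from the Mulesoft subnet actually took.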