iRule that checks client IP and send to a pool.
I have a case where a Mulesoft private IP address cannot use the FQDN and must use the IP address of the F5 LTM VIP as the host name. I need to limit this access to only IP addresses for the Mulesoft subnet. Here is what I have but is is not working at this time. I can accespt the request is I remove the checking for client IP.
#DA7POLBACORE-TEST-iRule_CONE_Mulesoft_Non-Prod_VPC_Exclude_ver5
when HTTP_REQUEST {
if { ([HTTP::host] equals "testwebsiteadminservice.tcbna.net") } {
if { [class match [IP::client_addr] equals Mulesoft_Non-Prod_VPC] } {
pool DA7POLBACORE-TEST-Pool-1135-OLB-CONE_8444
}
}
if { ([HTTP::host] equals "10.144.112.71") } {
if { [class match [IP::client_addr] equals Mulesoft_Non-Prod_VPC] } {
pool DA7POLBACORE-TEST-Pool-1135-OLB-CONE_8444
}
if { [class match [IP::client_addr] equals Mulesoft_Non-Prod_VPC] } {
reject
}
}
}