Forum Discussion

Jasa_74968
Mar 25, 2014

iRule to check URI and Client source IP using data groups

    Hi everybody, I'm trying to achieve the following with my iRule:
    1. Check for URI and if it's /abc/* choose pool_A
    2. Check for URI and if it's /abc-preprod/* also check if Client's IP is from internal pool using datagroup "internalIP"
    3. If both checks under 2 are good, choose pool_b
    4. Discard everything else that wasn't caught by 1 or 2

    My iRule is:

    when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::uri]] {
          "/abc/*" { log local0. "Detected [HTTP::uri] URL"
           pool pool_A
          log local0. "Production pool selected"
             }
         "/abc-preprod/*" { log local0. "Detected [HTTP::uri] URL" 
         if { ([class match [IP::remote_addr] equals $::internalIP]) } 
        log local0. "Client IP [IP::remote_addr] belongs to private network" 
          pool pool_B 
          log local0. "Pre-production pool selected"
            }
         default {
             discard
          log local0. "Wrong URI or Client connecting to Pre-prod from external, packet discarded"
           }
        }
     }


    However I'm unable to get the syntax working and it fails with:
        01070151:3: Rule [/Common/***_redirect_iRule_Logging] error: /Common/***_redirect_iRule_Logging:8: error: [missing a script after "if"][ ]

 Can somebody help?
  • A few typos:

    when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::uri]] {
            "/abc/*" { 
                log local0. "Detected [HTTP::uri] URL"
                pool pool_A
                log local0. "Production pool selected"
            }
            "/abc-preprod/*" { 
                log local0. "Detected [HTTP::uri] URL" 
                if { [class match [IP::remote_addr] equals internalIP] } { 
                    log local0. "Client IP [IP::remote_addr] belongs to private network" 
                    pool pool_B 
                    log local0. "Pre-production pool selected"
                }
            } default {
                discard
                log local0. "Wrong URI or Client connecting to Pre-prod from external, packet discarded"
            }
        }
    }
    
  • The syntax gets passed through successfully but I can't seem to be able to achieve what I intended.
    
    Whenever a user hits /abc-preprod/* url that should be covered by:
    "/abc-preprod/*" { 
                log local0. "Detected [HTTP::uri] URL" 
                if { [class match [IP::remote_addr] equals internalIP] } { 
                    log local0. "Client IP [IP::remote_addr] belongs to private network" 
                    pool pool_B 
                    log local0. "Pre-production pool selected"
    
    Nothing gets logged even if the user is a member of "internalIP" group and they always get discarded.
    
    What am I missing?
    
    ----------
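
Added example, not code from any poster in this thread: in the corrected iRule above, a client outside `internalIP` that requests `/abc-preprod/*` matches the switch arm but hits no `pool` or `discard` command, so it is left to the virtual server's default handling instead of being dropped as requirement 4 asks. The variant below denies explicitly in that branch and logs a distinct line per decision so the branch actually taken is visible in `/var/log/ltm`; it assumes `internalIP` is an Address-type data group and that matching on the path alone (no query string) is acceptable.

```tcl
when HTTP_REQUEST {
    # Normalise once: lower-cased path only, so the query string never
    # influences which arm of the switch is taken.
    set path   [string tolower [HTTP::path]]
    set client [IP::client_addr]

    switch -glob -- $path {
        "/abc/*" {
            pool pool_A
            log local0. "ALLOW prod: client=$client path=$path"
        }
        "/abc-preprod/*" {
            # Assumption: internalIP is an Address-type data group, so
            # "equals" matches the client against its hosts and subnets.
            if { [class match $client equals internalIP] } {
                pool pool_B
                log local0. "ALLOW preprod: client=$client path=$path"
            } else {
                # Fail closed: URI matched, source address did not.
                log local0. "DENY preprod, client not in internalIP: client=$client path=$path"
                discard
            }
        }
        default {
            # A request for "/abc-preprod" without the trailing slash
            # lands here, because the pattern above requires "/abc-preprod/".
            log local0. "DENY no URI rule matched: client=$client path=$path"
            discard
        }
    }
}
```

Each log line is written before `discard` so the decision is recorded even for dropped requests.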
    
  • I think I'll try to do the same with APM that's also licensed on the box.
    Creating a policy that does Server side check for URI Landing page, and if it's "preprod" URI then check for IP Subnet match. Allow and deny will be applied accordingly and iRule will be used only for pool match.
    
    Might make my life easier.