Forum Discussion
Sriram_Kannan_1
Nimbostratus
Nimbostratusirule to comibe to two events to trigger an action
Below is the irule for three different condition if IP address matches source, destination and custom group.
Now i want to change the Source bypass based on Source IP and http traffic.
how can i action this rule based on checking for IP address and Http traffic type
Any assistance is appreciated.
when CLIENT_ACCEPTED {
Destination bypass
If the destination is in the bluecoat-bypass-dest data group, bypass the BlueCoat
if { [class match [IP::local_addr] equals /Common/bluecoat-bypass-dest] } {
pool /Common/firewall-vl400
return
}
Source bypass
If the source is in the bluecoat-bypass-src data group, bypass the BlueCoat
See HT 991020 re: BES access to Google Calendars
if { [class match [IP::remote_addr] equals /Common/bluecoat-bypass-src] } {
pool /Common/firewall-vl400
return
}
Development
If the source is in the bluecoat-dev-user data group, redirect to the development BlueCoat
if { [class match [IP::remote_addr] equals bluecoat-dev-user] } {
pool /Common/bluecoat-dev
return
}
}
3 Replies
- Kevin_Stewart
Employee
The easiest thing might be just changing CLIENT_ACCEPTED to HTTP_REQUEST, as all of the conditions and commands in this iRule are valid in that event.
Sriram_Kannan_1hi Kevin..i was thinking the same...
another piece to this..source bypass condition should only match http traffic and not https
- Kevin_Stewart
If you're looking for HTTP-specific data, like headers, Hosts, and cookies, then you can use the suite of HTTP:: commands that are available in this event. Realize though that with a client SSL profile applied to the virtual server, all communication is decrypted at this point and HTTP and HTTPS traffic would generally look the same. You could, however, use the destination port as a clue:
if { [TCP::local_port] equals "443" } { ...
