Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

wlopez's avatar
wlopez
Icon for Cirrocumulus rankCirrocumulus
Aug 19, 2021

iRule to disable OneConnect for a list of source IP addresses

I'm trying to resolve an issue with a legacy application that doesn't like OneConnect. All traffic from the legacy application originates from a know list of source IP addresses, which I'm including...
application delivery
irules
LTM
oneconnect
Dario_Garrido's avatar
Dario_Garrido
Icon for Noctilucent rankNoctilucent
Aug 27, 2021

Hello wlopez.

 

You have an example of how to use it here.

 

Regards,

Dario.

  • wlopez's avatar
    wlopez
    Icon for Cirrocumulus rankCirrocumulus
    Sep 01, 2021

    Thanks for replying.

    I had read that article but am not clear of how to use it to accomplish my goal.

    I'm looking on how to take OneConnect completely out of the picture for all traffic originated from the list of IP addresses included in the "Legacy_App" iRule data group.

    Will something like this accomplish that?

        when CLIENT_ACCEPTED {
      if {[class match [IP::client_addr] equals Legacy_App]} {
        ONECONNECT::reuse disable
        pool pool_Legacy
      }
    }
    • Dario_Garrido's avatar
      Dario_Garrido
      Icon for Noctilucent rankNoctilucent
      Sep 02, 2021

      Actually, "CLIENT_ACCEPTED" is not a valid event.

      I would use this instead:

      when HTTP_REQUEST {
  if {[class match [IP::client_addr] equals Legacy_App]} {
    ONECONNECT::reuse disable
    pool pool_Legacy
  }
}

      Let me know if it works as expected.

      Regards,

      Dario.