iRule to exclude network from further filtering and process the rest of the traffic by URI

Question

Hi folks,&nbsp;
Complete noob to irules. What I am trying to achieve with this irule is to allow for a specific subnet access to any uri under the sun but restrict the rest of the world to only specific URI's.&nbsp;
when HTTP_REQUEST {
    if { [class match [IP::client_addr] equals vendor_network] } {
    pool vendorapp_https-8443_pool
   } elseif { [ class match [string tolower [HTTP::uri]] contains vendorapp_allowed_uri_list ] } {
  Stop processing the iRule for this event here
  return }
 else {
  drop }
 }&nbsp;
the page doesn't load and in cURL all I see is a successful SSL transaction (ssl offloaded).&nbsp;
I appreciate any input!
Nick&nbsp;

boneyard · Answer

first thing i would do is add some debug logging&nbsp;
so log the IP::client_addr / HTTP::uri to make sure you are performing the right request&nbsp;
then log for entering the different statements, so you know what the iRule felt about your request&nbsp;
then tailf /var/log/ltm and do the request&nbsp;
a quick check seems to indicate the second option doesn't have pick a specific pool, but that might be the standard one.&nbsp;
see where that gets you.&nbsp;

Forum Discussion

iRule to exclude network from further filtering and process the rest of the traffic by URI

1 Reply

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

R4800 snmp issues.

F5 XC and Service Policy/HTTP path

BIG-IQ: how to change interval checks for health status of pools and poolmembers

Citrix iApps

FQDN Node with Route Domains

Related Content

I want to exclude the character ) in syslog filter.

What is Multi-Cloud Networking?

iRule exclude URI

Demo Guide & Video Series for F5 Distributed Cloud Network Connect (Multi-Cloud Networking)

Simplify Network Segmentation for Hybrid Cloud

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS