iRule to route based on CIDR notation
I am trying to create an iRule to allow testing of our application from internal IP addresses but not from anything external. The scenario is that if a client attempts to access our application from external during the testing period you will be sent to a 'sorry server' but if you are internal you will be sent to the normal application server pool. Below is what I have based on other iRules I have seen. I am trying to utilize CIDR notation for simplicity's sake.
Thanks in advance
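    when CLIENT_ACCEPTED {
        # Mask the client address to each prefix length and compare it with the network address.
        # Logical OR (||) short-circuits on the first range that matches.
        if { [IP::addr [IP::client_addr]/8 equals 10.0.0.0] ||
             [IP::addr [IP::client_addr]/12 equals 172.16.0.0] ||
             [IP::addr [IP::client_addr]/16 equals 192.168.0.0] } {
            pool application-server_pool
        } else {
            pool sorry-server_pool
        }
    }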
There is already a default data class built into the F5 for private address space called private_net.
    when CLIENT_ACCEPTED {
        if { [class match [IP::client_addr] equals private_net] } {
            pool application-server_pool
        } else {
            pool sorry-server_pool
        }
    }
You can use this or roll your own. See under iRules -> Data Group List. Address based data groups are designed for IP address matching. If a client address matches a subnet in the address data group then this will return true. The same applies if it is a single host as well.
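The two approaches in this thread modelled side by side, as an added example in Python that is not part of the original posts or F5's code. It lets you check boundary addresses against a candidate address list before loading it into a data group. Assumptions: the list holds the three ranges from the question, and the single-host entry 198.51.100.7 and all function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for an address data group: the three subnets from the
# question plus one hypothetical single-host entry to show host matching.
INTERNAL_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "198.51.100.7"]

APP_POOL = "application-server_pool"
SORRY_POOL = "sorry-server_pool"


def mask_equals(client, prefix_len, network):
    """Model of `[IP::addr <client>/<len> equals <network>]`: mask the client
    address to prefix_len bits and compare the result with the network address."""
    masked = ipaddress.ip_network(f"{client}/{prefix_len}", strict=False)
    return masked.network_address == ipaddress.ip_address(network)


def class_match(client, entries):
    """Model of an address data group lookup: true when the client falls inside
    any listed subnet; an entry without a prefix is treated as a single host."""
    addr = ipaddress.ip_address(client)
    return any(addr in ipaddress.ip_network(e, strict=False) for e in entries)


def pick_pool_masks(client):
    # The same three comparisons as the iRule in the question.
    internal = (mask_equals(client, 8, "10.0.0.0")
                or mask_equals(client, 12, "172.16.0.0")
                or mask_equals(client, 16, "192.168.0.0"))
    return APP_POOL if internal else SORRY_POOL


def pick_pool_class(client, entries=INTERNAL_NETS):
    # The data group form from the answer, against a list you supply.
    return APP_POOL if class_match(client, entries) else SORRY_POOL


if __name__ == "__main__":
    # Constructed boundary addresses just inside and outside each range.
    for ip in ["10.255.255.255", "11.0.0.1", "172.15.255.255", "172.31.255.255",
               "172.32.0.1", "192.168.0.1", "192.169.0.1", "198.51.100.7"]:
        print(f"{ip:16} masks={pick_pool_masks(ip):24} class={pick_pool_class(ip)}")
```

The two selectors agree on every address inside or outside the three subnets; they differ only on the extra single-host entry, which exists in the list but not in the mask comparisons.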