irule to source route a request.

Question

I need to route an https request to a pool if the source IP matches a list but redirect to to a different place if the IP does not match.  So far I have this but it just hangs.
when HTTP_REQUEST {
  if { [class match [IP::client_addr] equals securerpm.ip.list] } {
    pool securerpm.icgtax.com
  } else {
    HTTP::redirect "https://scadmzprx01.lereta.com/securerpm"
  }
}

securerpm.icgtax.com is the pool the permitted IPs should be allowed to reach
securerpm.ip.list is a list of the permitted IP addresses.  Right now it has one address in it:
50.116.0.57:=50.116.0.57
I see there are a lot of threads discussing this issue but -- so far -- none have provided me the magic to make this work.

kevin_stewart · Answer

Your iRule syntax is correct. Are you using an address-type data group for the IPs? You also don't need a value in the data group, just the key.
You may want to add some debug logging here to see what's really happening:
when HTTP_REQUEST {
    if { [class match [IP::client_addr] equals securerpm.ip.list] } {
        log local0. "IP ([IP::client_addr]) matches data group"
        pool securerpm.icgtax.com
    } else {
        log local0. "IP ([IP::client_addr]) does not match data group"
        HTTP::redirect "https://scadmzprx01.lereta.com/securerpm"
    }
}

Then watch from /var/log/ltm:
tail -f /var/log/ltm

Forum Discussion

irule to source route a request.

Recent Discussions

AS3 Limitations

Help needed with iRule (connection closed log )

Use of SSL Decryption.

VLAN Failsafe Functionality

FTP PASV mode to Extended Passive mode

Related Content

Logging DNS Requests

iRule to Force Source IP to Specific Backend Node

iRule to take cookie from HTTP Response into HTTP Request via table

Hey DeepSeek, can you write iRules?

The Power of Source Address

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS