Forum Discussion
Jarek_Twardowsk
Nimbostratus
Feb 08, 2017
"IRULE" using IP and FQDN
Hello, I have a question on “irule” for whitelisting.
Currently we’re using IP as source or destination and that is working correctly as a mechanism for directing traffic towards the bypass path.
The questio...
Jarek_Twardowsk
Nimbostratus
Feb 08, 2017
Just to clarify, here is the irule that we're using based on IP. How can this be modified to include FQDN or domain as destination?
    when RULE_INIT {
        # Debug logging level (0 = logging disabled, 1 = logging enabled)
        set static::_proxy_bypass_debug 0
        # Proxy Bypass Source IP datagroup name (as configured under Local Traffic > iRules > Data Group List)
        set static::source_ip_proxy_bypass_RD1_dg "/Common/source_ip_proxy_bypass_RD1_dg"
        # Proxy Bypass Destination IP datagroup name (as configured under Local Traffic > iRules > Data Group List)
        set static::destination_ip_proxy_bypass_RD1_dg "/Common/destination_ip_proxy_bypass_RD1_dg"
    }
    when CLIENT_ACCEPTED {
        # If client IP is in bypass list then don't load balance client to ironports, otherwise load balance to default pool.
        if { not (([class match [IP::client_addr] equals $static::source_ip_proxy_bypass_RD1_dg]) || ([class match [IP::local_addr] equals $static::destination_ip_proxy_bypass_RD1_dg])) } {
            if { $static::_proxy_bypass_debug } {
                log local0. "Client connection proxied to ironports. Client Source IP [IP::client_addr] or Client Destination IP [IP::local_addr] is not in Datagroups. Server selected is [LB::server]"
            }
            return
        } else {
            if { $static::_proxy_bypass_debug } {
                log local0. "Client connection not proxied to ironports. Client IP [IP::client_addr] or Client Destination [IP::local_addr] is in Datagroups."
            }
            forward
        }
    }
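One way to extend the rule above to match a destination domain, as an added example that is not part of the original post or F5's own code. It assumes the virtual server has an HTTP profile and carries cleartext HTTP (the Host header is not visible for undecrypted HTTPS); the string data group `destination_fqdn_proxy_bypass_dg` and the variable `bypass` are hypothetical names.

```tcl
when RULE_INIT {
    set static::_proxy_bypass_debug 0
    set static::source_ip_proxy_bypass_RD1_dg "/Common/source_ip_proxy_bypass_RD1_dg"
    set static::destination_ip_proxy_bypass_RD1_dg "/Common/destination_ip_proxy_bypass_RD1_dg"
    # Hypothetical string data group of bypass domains. Each entry carries a
    # leading dot (for example ".example.com") so matches fall on a label boundary.
    set static::destination_fqdn_proxy_bypass_dg "/Common/destination_fqdn_proxy_bypass_dg"
}
when CLIENT_ACCEPTED {
    # IP-based checks from the original rule; remember the result so that
    # HTTP_REQUEST does not evaluate the same connection again.
    set bypass 0
    if { [class match [IP::client_addr] equals $static::source_ip_proxy_bypass_RD1_dg] ||
         [class match [IP::local_addr] equals $static::destination_ip_proxy_bypass_RD1_dg] } {
        set bypass 1
        forward
    }
}
when HTTP_REQUEST {
    if { $bypass } { return }
    # Normalise the Host header: drop any port, lower-case, strip a trailing dot.
    set host [string trimright [string tolower [getfield [HTTP::host] ":" 1]] "."]
    if { $host eq "" } { return }
    # Prefixing a dot lets "example.com" and "www.example.com" match the entry
    # ".example.com" while "notexample.com" does not.
    if { [class match ".$host" ends_with $static::destination_fqdn_proxy_bypass_dg] } {
        if { $static::_proxy_bypass_debug } {
            log local0. "Host $host is in FQDN datagroup, not proxied to ironports."
        }
        forward
    }
}
```

The Host header is supplied by the client, so a name match is weaker evidence than the IP data groups; keep the FQDN list short and leave debug logging available to audit which connections take the bypass path.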