For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

CGI's avatar
CGI
Icon for Altostratus rankAltostratus
Oct 08, 2010

Modifying irule for geofiltering to include allowed ips

Hi iam new to both F5 and irules, and we are trying to achieve a modification of a exsisting irule that is used for geofiltering.   We would like to combine the possability to include certain ip ad...
application delivery
dev
devops
iRules
Chris_Miller's avatar
Chris_Miller
Icon for Altostratus rankAltostratus
Oct 08, 2010
Here's how I'd do it: 


when HTTP_REQUEST {
    if {([matchclass [whereis [IP::client_addr] country] eq allowed_country] or [matchclass [IP::client_addr] eq allowed_ip])} {
            Uncomment the line below to turn on logging.
            log local0.  "Valid client IP: [IP::client_addr] - forwarding traffic"
            forward }
    else {
       HTTP::respond 403 content "Not Allowed"
         log local0.  "Blocked Country client IP: [IP::client_addr] from [whereis [IP::client_addr] country]" } }

Depending your version, you can optimize this as well. I assumed you wanted to forward the traffic if it met either "allowed" criteria since you didn't have an action specified for the allowed_country match.

I got rid of your $:: so CMP would be used.