Forum Discussion

Nimbostratus

Aug 06, 2008

MSM iRule Customization

Has anyone worked with MSM (Message Security Module)? We seem to be at the mercy of the "Trusted Source" database and would like to whitelist a group of IP addresses for our customers that "Secure Com...

Employee

Aug 07, 2008

Hi,

I wouldn't recommend to modify the iRule provided with MSM or you will lose support on it.

Instead i would recommend to configure a new iRule that will be triggered before and do your checking.

Here is an example to handle a white list and a black list:

  
  when CLIENT_ACCEPTED {  
    if { [matchclass [IP::client_addr] equals $::white_list] } {  
    log local0. "client: [IP::client_addr] found in white_list directed to http_test_pool"  
  pool http_test_pool  
  event disable all  
    }  
    elseif { [matchclass [IP::client_addr] equals $::black_list] } {  
      log local0. " client: [IP::client_addr] found in black_list directed to http_test_pool_2"  
  pool http_test_pool_2   
              or discard  
  event disable all  
    }  
  }

You just need to specify this iRule in your VS before the MSM one

HTH

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)