For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Greg_Wood_33904's avatar
Greg_Wood_33904
Icon for Nimbostratus rankNimbostratus
Aug 07, 2008

MSM iRule Customization

Has anyone worked with MSM (Message Security Module)? We seem to be at the mercy of the "Trusted Source" database and would like to whitelist a group of IP addresses for our customers that "Secure Com...
application delivery
dev
devops
iRules
Nicolas_Menant's avatar
Nicolas_Menant
Icon for Employee rankEmployee
Aug 07, 2008
Hi,

I wouldn't recommend to modify the iRule provided with MSM or you will lose support on it.

Instead i would recommend to configure a new iRule that will be triggered before and do your checking.

Here is an example to handle a white list and a black list: 

  
  when CLIENT_ACCEPTED {  
    if { [matchclass [IP::client_addr] equals $::white_list] } {  
    log local0. "client: [IP::client_addr] found in white_list directed to http_test_pool"  
  pool http_test_pool  
  event disable all  
    }  
    elseif { [matchclass [IP::client_addr] equals $::black_list] } {  
      log local0. " client: [IP::client_addr] found in black_list directed to http_test_pool_2"  
  pool http_test_pool_2   
              or discard  
  event disable all  
    }  
  }

You just need to specify this iRule in your VS before the MSM one

HTH