Forum Discussion
Leslie_South_55
Nimbostratus
Jan 31, 2008
Multiple matchclass + "if" AND "if not"
I am trying to use both an 'if' and an 'if not' statement where both statements are looking at 2 different external class files. Here is the rule:
when HTTP_REQUEST {
    log local0 "requested [HTTP::uri]"
    if {not [matchclass [string tolower [HTTP::uri]] contains $::uri_block] } {
        if {[matchclass [IP::client_addr] equals $::allowed] } {
            log local0. "Valid Packet: [IP::client_addr] - [HTTP::uri] forwarding traffic"
        } else {
            log local0. "Invalid Packet: [IP::client_addr] - [HTTP::uri] discarding"
            discard
        }
    }
}
It does not seem to be reading the entire rule, as I get log entries as follows: Valid Packet: 10.2.6.31 - /AeXHD/user/default.aspx forwarding traffic
where the "user" is defined in the uri_block class (what I am trying to block access to)
and 10.2.6.31 is defined in the allowed class (one of the allowed client IPs).
Any help much appreciated.
-L
5 Replies
- Leslie_South_55
Nimbostratus
I can do this with 2 rules on the VS, and I guess that is OK, just was trying to get it all in one rule.
- hoolio
Cirrostratus
Can you try wrapping the conditional test you're not'ing in parens?
when HTTP_REQUEST {
    log local0 "requested [HTTP::uri]"
    if {not ([matchclass [string tolower [HTTP::uri]] contains $::uri_block])} {
        if {[matchclass [IP::client_addr] equals $::allowed] } {
            log local0. "Valid Packet: [IP::client_addr] - [HTTP::uri] forwarding traffic"
        } else {
            log local0. "Invalid Packet: [IP::client_addr] - [HTTP::uri] discarding"
            discard
        }
    }
}
- Leslie_South_55
Nimbostratus
Aaron,
- hoolio
Cirrostratus
Actually, I think I missed part of what you're trying to do. Do you want to allow the request if the requested URI is not in the blocked URI class or if the client IP is in the allowed IP's class; and drop all other requests?
when HTTP_REQUEST {
    log local0 "requested [HTTP::uri]"
    if {not ([matchclass [string tolower [HTTP::uri]] contains $::uri_block]) or [matchclass [IP::client_addr] equals $::allowed]} {
        log local0. "Valid Packet: [IP::client_addr] - [HTTP::uri] forwarding traffic"
    } else {
        log local0. "Invalid Packet: [IP::client_addr] - [HTTP::uri] discarding"
        discard
    }
}
- Leslie_South_55
Nimbostratus
I need to match on BOTH, so I changed the 'or' to 'and'... now I'm in business... funny thing is I tried the AND between the if statements on my first attempt and kept getting all sorts of syntax errors, must have been the misplaced parens.
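The three rule shapes from this thread (the nested `if`, the `or` version, and the final `and` version) compared as a decision table. This is an added example, not code from any poster. It is a Python model rather than an iRule, and it assumes `matchclass ... contains` and `matchclass ... equals` return true when any class entry matches. The class contents beyond "user" and 10.2.6.31 and the second IP and URI are constructed sample data.

```python
# Constructed stand-ins for the two external classes; "user" and 10.2.6.31
# are the entries the thread mentions, everything else is sample data.
URI_BLOCK = ["user"]
ALLOWED = ["10.2.6.31"]

def uri_blocked(uri):
    # models: matchclass [string tolower [HTTP::uri]] contains $::uri_block
    return any(entry in uri.lower() for entry in URI_BLOCK)

def ip_allowed(ip):
    # models: matchclass [IP::client_addr] equals $::allowed
    return ip in ALLOWED

def nested_rule(ip, uri):
    # Original post: the outer "if" has no else branch, so a blocked URI
    # runs no command at all and the request continues to the pool.
    if not uri_blocked(uri):
        return "forward" if ip_allowed(ip) else "discard"
    return "forward"

def or_rule(ip, uri):
    # Second suggestion: not blocked OR allowed
    return "forward" if (not uri_blocked(uri)) or ip_allowed(ip) else "discard"

def and_rule(ip, uri):
    # Final version: not blocked AND allowed, everything else is discarded
    return "forward" if (not uri_blocked(uri)) and ip_allowed(ip) else "discard"

CASES = [
    ("10.2.6.31", "/AeXHD/user/default.aspx"),    # allowed IP, blocked URI
    ("10.2.6.31", "/AeXHD/public/default.aspx"),  # allowed IP, other URI
    ("10.2.6.99", "/AeXHD/user/default.aspx"),    # other IP, blocked URI
    ("10.2.6.99", "/AeXHD/public/default.aspx"),  # other IP, other URI
]

def decision_table():
    # One row per case: (ip, uri, nested, or, and)
    return [(ip, uri, nested_rule(ip, uri), or_rule(ip, uri), and_rule(ip, uri))
            for ip, uri in CASES]

if __name__ == "__main__":
    for row in decision_table():
        print("{:<10} {:<28} nested={:<8} or={:<8} and={}".format(*row))
```

Only the `and` form discards a blocked URI for every client; the nested form forwards blocked URIs by fall-through because its outer `if` has no `else`.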