For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Leslie_South_55's avatar
Leslie_South_55
Icon for Nimbostratus rankNimbostratus
Jan 31, 2008

Multiple matchclass + "if" AND "if not"

I am trying to use both an 'if' and an 'if not' statement where both statements are looking at 2 different external class files. Here is the rule: when HTTP_REQUEST { log local0 "requeste...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Jan 31, 2008
Actually, I think I missed part of what you're trying to do. Do you want to allow the request if the requested URI is not in the blocked URI class or if the client IP is in the allowed IP's class; and drop all other requests?

If so, I think this should work and be slightly clearer:


when HTTP_REQUEST {
   log local0 "requested [HTTP::uri]"
   if {not ([matchclass [string tolower [HTTP::uri]] contains $::uri_block]) or [matchclass [IP::client_addr] equals $::allowed]} {
      log local0.  "Valid Packet: [IP::client_addr] - [HTTP::uri] forwarding traffic"
   } else  {
      log local0. "Invalid Packet: [IP::client_addr] - [HTTP::uri] discarding"
      discard
   }
}

Aaron