Forum Discussion
Christopher_Boo
Cirrostratus
CirrostratusNeed help combining 2 irules
I'm not much of a scripter but I usually figure it out of I stare at it long enough. I'm trying to combine the 2 irules below. I'd like to insert irule 2 at the end of irule 1. The idea is to allow anyone on the network to hit the specified URIs and be directed to the rec.utt.pool, but to only allow internal users (api.network.list class) to go to the api.utt.pool and either drop or provide an http access denied message to everyone else. I'd appreciate any help.
Thanks,
Chris
Irule 1
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::uri]] {
"/pss-alerts*" -
"/pss-forms*" -
"/pss-reports*" -
"/pss-messaging*" {
pool rec.utt.pool
}
default {
pool api.utt.pool
}
}
}
Irule 2
when CLIENT_ACCEPTED {
if { [class match [IP::client_addr] equals api.network.list] } {
pool api.utt.pool
} else {
drop
}
Christopher_BooI'm now down to 1 error.
error: line 10: [undefined procedure: else] [else]
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::uri]] {
"/pss-alerts*" -
"/pss-forms*" -
"/pss-reports*" -
"/pss-messaging*" {
pool rec.utt.pool
} elseif { [class match [IP::client_addr] equals api.network.list] } {
pool api.utt.pool
} else {
discard
}
}
}
natheCirrocumulus
Christopher,
elseif needs an if so I'd say that was the issue. Try changing elseif to if and you shouldn't need an else either.
Hope this helps.
N- Christopher_BooThanks! I tried that and it still gave me an error. I've removed the default bit at the end of the first irule and put an else discard at the end of the second irule. This at least has me functional, though still using 2 irules.
Chris - Try the following I changed it up a little
First I check the IP address, if match send to pool and drop out of the iRule. If not match fall through to the switch statement. If there is no match send a reset and move on.
when HTTP_REQUEST {
if { [class match [IP::client_addr] equals api.network.list] } {
pool api.utt.pool
return
}
switch -glob [string tolower [HTTP::uri]] {
"/pss-alerts*" -
"/pss-forms*" -
"/pss-reports*" -
"/pss-messaging*" {
pool rec.utt.pool
}
default {
reject
}
}
} - Christopher_BooThe problem with this is I want the users on the api.network.list to have access to those URIs for the rec.utt.pool as well. Thanks for the input!
Chris - Ok it then this should work I had to double the switch statement but it allows if the ip matches and the URI matches it will goto rec.utt.pool ulse api.utt.pool
when HTTP_REQUEST {
if { [class match [IP::client_addr] equals api.network.list] } {
switch -glob [string tolower [HTTP::uri]] {
"/pss-alerts*" -
"/pss-forms*" -
"/pss-reports*" -
"/pss-messaging*" {
pool rec.utt.pool
}
default {
pool api.utt.pool
}
}
} else {
switch -glob [string tolower [HTTP::uri]] {
"/pss-alerts*" -
"/pss-forms*" -
"/pss-reports*" -
"/pss-messaging*" {
pool rec.utt.pool
}
default {
reject
}
}
} - natheJust refreshed the screen to post my suggestion and Richard had beaten me to it ;-)
Think a curly brace is missing. Here's mine anyway:
when HTTP_REQUEST {
if { [class match [IP::client_addr] eq api.network.list] } {
switch -glob [string tolower [HTTP::uri]] {
"/pss-alerts*" -
"/pss-forms*" -
"/pss-reports*" -
"/pss-messaging*" {
pool rec.utt.pool
}
default {
pool api.utt.pool
}
}
}
if { [class match [IP::client_addr] ne api.network.list] } {
switch -glob [string tolower [HTTP::uri]] {
"/pss-alerts*" -
"/pss-forms*" -
"/pss-reports*" -
"/pss-messaging*" {
pool rec.utt.pool
}
default {
reject
}
}
}
}
At least we're both on the same page!
N - Christopher_BooThat sure looks like it will do the trick. Thanks so much to both of you!
Chris
