Forum Discussion

Cirrocumulus

Jan 29, 2020

Need help in adding Datagroup to existing Irule

Hi Team ,

I have below Irule which currently works for specific single source IP 10.10.10.1 ...I would like to add more IP using Datagroup , Could you please help me modify this irule .

I tried but I got error "variable reference required proceeding $"

Note : We have route domain configured and VIP is configured in route domain %70 .

Thanks in Advance :)

when HTTP_REQUEST {

if {

([IP::client_addr] contains "10.10.10.1%70") && ([string tolower [HTTP::uri]] contains "/cklauncher/")

}

{

drop

}

elseif { [string tolower [HTTP::path]] equals "/" && ( [IP::addr [IP::client_addr] equals 10.10.10.1%70]) } {

# redirect the request

log local0. "issuing redirect request to [HTTP::host][HTTP::uri] from [IP::client_addr]"

HTTP::redirect https://[getfield [HTTP::host] ":" 1]/ckpartner/

}

Hi,

Any chances to same client IP address appears on different route domains on this iRule? Because I think IP data group won't consider route domains on validation, but I'm not 100% sure. This way, I think working on data group type ip route domain number wold be noise optional.

ltm data-group internal dg_my_ip_list {
    records {
        10.10.10.1%70/32 { }
    }
    type ip
}
 
when HTTP_REQUEST {
    if { [class match [IP::client_addr] equals dg_my_ip_list] } {
        if { [string tolower [HTTP::path]] equals "/cklauncher/" } {
            drop
        } elseif { [HTTP::path] equals "/" } {
            # redirect the request
            log local0. "issuing redirect request to [HTTP::host][HTTP::uri] from [IP::client_addr]"
            HTTP::redirect https://[getfield [HTTP::host] ":" 1]/ckpartner/
        }
    }
}

I hope it helps.

Best regards.

cjunior
Nacreous
Jan 29, 2020
Hi,
Any chances to same client IP address appears on different route domains on this iRule? Because I think IP data group won't consider route domains on validation, but I'm not 100% sure. This way, I think working on data group type ip route domain number wold be noise optional.
ltm data-group internal dg_my_ip_list { records { 10.10.10.1%70/32 { } } type ip } when HTTP_REQUEST { if { [class match [IP::client_addr] equals dg_my_ip_list] } { if { [string tolower [HTTP::path]] equals "/cklauncher/" } { drop } elseif { [HTTP::path] equals "/" } { # redirect the request log local0. "issuing redirect request to [HTTP::host][HTTP::uri] from [IP::client_addr]" HTTP::redirect https://[getfield [HTTP::host] ":" 1]/ckpartner/ } } }
I hope it helps.
Best regards.
- Blue_whale
  Cirrocumulus
  Apr 10, 2020
  Hi Cjunior,
  
  I need help here .
  
  With Datagroup I want to block access to both the uri's /cklauncher/ and /ckpartener/ and anything else should be accessible .
cjunior
Nacreous
Apr 10, 2020
Hello,
Changing this part, will that work for you?
if { [string tolower [HTTP::path]] equals "/cklauncher/" or [string tolower [HTTP::path]] equals "/ckpartener/" } { drop
Regards
- Blue_whale
  Cirrocumulus
  Apr 13, 2020
  I will try this , Thank you
  
  ltm data-group internal dg_my_ip_list {
    records {
      10.10.10.1%70/32 { }
    }
    type ip
  }
  
  when HTTP_REQUEST {
    if { [class match [IP::client_addr] equals dg_my_ip_list] } {
  if { [string tolower [HTTP::path]] equals "/cklauncher/" or [string tolower [HTTP::path]] equals "/ckpartener/" } {
        drop
  }
  }
  }