Forum Discussion

Lisa_Boyd_53788's avatar
Lisa_Boyd_53788
Icon for Nimbostratus rankNimbostratus
Dec 07, 2005

New to matchclass+IP::remote_addr & Data Group List

Goal: To restrict access to webservers via ip address     Three Data Groups were created: My-Nets, Cus-Health & Thomson-ExternalNets. If remote ip addresses are in Data Group List My-Nets or Cus...
application delivery
dev
devops
iRules
Joe_Pruitt's avatar
Joe_Pruitt
Dec 07, 2005
What you are looking at doing should be possible. Since you haven't posted a complete iRule, we can't tell if there is a problem elsewhere in the code. I would recommend you add logging statements at each path in your code so that you can diagnose for yourself where the control flow is failing you.

 

 

ie.

 

 

if { [matchclass [IP::remote_addr] equals $::My-Nets] } {
  log local0. "address [IP::remote_addr] found in class My-Nets"
  pool Test-Cus-Bambi
} elseif { [matchclass [IP::remote_addr] equals $::Cus-Health] } {
  log local0. "address [IP::remote_addr] found in class Cus-Health"
  pool Test-Cus-Bambi
}...

 

 

Then look in the /var/log/ltm file for the output. This should help you figure out what's going on.

 

 

Another thing I might mention is that if your data groups are quite large, you can compare IP addresses with subnet masks. That way you can just enter a subnet into your data group. Search the Forums for "IP::addr" and "matchclass". If you need to specify single addresses, then this option probably won't help.

 

 

-Joe