Forum Discussion
Muhammad_Irfan1
Cirrus
CirrusPacket filter can't filter proxypass is there any other way to filter traffic?
I have VS 10.50.171.8:443 and 35 pools are attached to it through proxypass iRule.
iRule is like this for one pool
when HTTP_REQUEST {
switch -glob [HTTP::uri] {
"/300MEFPOSTPAIDLive*" {
...
Try inserting an if statement checking for the client's address:
when HTTP_REQUEST { switch -glob [HTTP::uri] { "/300MEFPOSTPAIDLive*" { if { [IP::addr [IP::client_addr] equals 10.50.241.155] } { pool Tibco-LB-Group3 HTTP::uri [string range [HTTP::uri] [string first "/" [HTTP::uri] 1] end] } else { drop } } }Look at https://devcentral.f5.com/wiki/iRules.IP__addr.ashx for more information/examples
shaggy_121467
Cumulonimbus
CumulonimbusTry inserting an if statement checking for the client's address:
when HTTP_REQUEST {
switch -glob [HTTP::uri] {
"/300MEFPOSTPAIDLive*" {
if { [IP::addr [IP::client_addr] equals 10.50.241.155] } {
pool Tibco-LB-Group3
HTTP::uri [string range [HTTP::uri] [string first "/" [HTTP::uri] 1] end]
} else {
drop
}
}
}
Look at https://devcentral.f5.com/wiki/iRules.IP__addr.ashx for more information/examples
- Muhammad_Irfan1Thanks shaggy you solved by problem. How would it look like if i want to allow 2, 3 IP,s Do i have to put else if statement then?
- shaggy_121467Just use "or": if { [IP::addr [IP::client_addr] equals 10.50.241.155] or [IP::addr [IP::client_addr] equals 10.50.241.156] or [IP::addr [IP::client_addr] equals 10.50.241.156] } If you have much more than that, you might consider using data groups to store allowed addresses (https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-system-irules-concepts-11-6-0/6.html) and the "class" iRule command (https://clouddocs.f5.com/api/irules/class.html)
- Muhammad_Irfan1NO i have max 3 ips,. Thanks alot.