Forum Discussion
Muhammad_Irfan1
Cirrus
CirrusPacket filter can't filter proxypass is there any other way to filter traffic?
I have VS 10.50.171.8:443 and 35 pools are attached to it through proxypass iRule.
iRule is like this for one pool
when HTTP_REQUEST {
switch -glob [HTTP::uri] {
"/300MEFPOSTPAIDLive*" {
...
Try inserting an if statement checking for the client's address:
when HTTP_REQUEST { switch -glob [HTTP::uri] { "/300MEFPOSTPAIDLive*" { if { [IP::addr [IP::client_addr] equals 10.50.241.155] } { pool Tibco-LB-Group3 HTTP::uri [string range [HTTP::uri] [string first "/" [HTTP::uri] 1] end] } else { drop } } }Look at https://devcentral.f5.com/wiki/iRules.IP__addr.ashx for more information/examples
shaggy
Nimbostratus
NimbostratusTry inserting an if statement checking for the client's address:
when HTTP_REQUEST {
switch -glob [HTTP::uri] {
"/300MEFPOSTPAIDLive*" {
if { [IP::addr [IP::client_addr] equals 10.50.241.155] } {
pool Tibco-LB-Group3
HTTP::uri [string range [HTTP::uri] [string first "/" [HTTP::uri] 1] end]
} else {
drop
}
}
}
Look at https://devcentral.f5.com/wiki/iRules.IP__addr.ashx for more information/examples
shaggyNimbostratus
NimbostratusJust use "or":
if { [IP::addr [IP::client_addr] equals 10.50.241.155] or [IP::addr [IP::client_addr] equals 10.50.241.156] or [IP::addr [IP::client_addr] equals 10.50.241.156] }
If you have much more than that, you might consider using data groups to store allowed addresses (https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-system-irules-concepts-11-6-0/6.html) and the "class" iRule command (https://devcentral.f5.com/wiki/iRules.class.ashx)