Forum Discussion
Permit access based on Client IP "again"
Mike_Graston_10 (Nimbostratus)
Sep 17, 2007
All,
I have been working on this for 2 days and can't seem to get it right. Whenever I apply the rule it shuts down the site. Here is what I have.
when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
        pool pool-my-pool
    }
    drop
}
I also tried to use a data group list with the same results.
when CLIENT_ACCEPTED {
    if { [matchclass [IP::remote_addr] equals $::Hosts] } {
        pool pool-my-pool
    }
    drop
}
Data Group list
Hosts
10.10.10.10
For some reason it blocks everything to this pool regardless of whether my PC matches the address in iRule 1 or the data group list.
So what I am trying to do is block all IP addresses unless I specify it in my data group list.
Mike
2 Replies
- spark_86682 (Historic F5 Account)
What's happening is that the "drop" command in your iRule will get executed for all requests. I suspect that you may be used to 4.x iRules, where the "pool" command would stop execution of the iRule; in 9.x, processing will continue.
The following iRule should do what you want:
when CLIENT_ACCEPTED {
    if { [IP::addr [IP::client_addr] equals 10.10.10.10] } {
        pool pool-my-pool
    } else {
        drop
    }
}
- Mike_Graston_10 (Nimbostratus)
Spark, thanks. This works by including the else command on my 9.4 system, but I get an internet connection reset on my 9.2.3 LTM. I was wondering if you had any insight on why? I believe we are scheduled for an upgrade soon but not sure when. Most of this I got from looking through the code share and I guess it was left over from 4.x and needs to be updated. Again thx this one was busting my brain!
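The same else-branch fix applied to the data group variant from the original question, as an added example that is not part of either post. It assumes the address data group is named Hosts and the pool is pool-my-pool, as in the thread; the log line is an addition so that denied sources can be reviewed.

```tcl
when CLIENT_ACCEPTED {
    # Allowlist check against the "Hosts" address data group from the question.
    if { [matchclass [IP::remote_addr] equals $::Hosts] } {
        # Listed client: send the connection to the pool.
        pool pool-my-pool
    } else {
        # In 9.x "pool" does not end the event, so the deny action must sit
        # in the else branch or it runs for every connection.
        # Added for this example: record the denied source before dropping.
        log local0. "Denied connection from [IP::client_addr]: not in Hosts data group"
        drop
    }
}
```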