For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ron_126046's avatar
Ron_126046
Icon for Nimbostratus rankNimbostratus
Feb 24, 2014

Permit specif IPs to pools, all others see a simple maintenance page

I have an iRule set up to redirect to specific pools depending on uri. Now maintenance is being done and only specific IPs need to be allowed to sites, all other get a simple web page that the site is down.

 

when HTTP_REQUEST { switch -glob [string tolower [HTTP::uri]] { "/jumper" { pool tango.golf_TGIIS_Https_Pool log local0. "redirect irule pool tango.golf_TGIIS_Https_Pool" } "/" - "/annie" - "/bugg" - "/charles" - "/dog" - "/fashion" - "/golf" - "/harry" - "/ink" - "/jonas" - "/kegg" - "/limber" - "/micro" - "/nosehair" - "/orange" - "/pinky" - "/queen" - "/romeo" - "/survey" - "/tango" - "/useless" - "/valve" - "/whiskey" - "/xray" - "/yonkers" - "/zulu" - "/poolball*" { pool waterpolo_WPIIS_Https_Pool log local0. "redirect irule pool waterpolo_WPIIS_Https_Pool" } default { pool skijump_SKJWEB_Https_Pool log local0. "redirect irule pool skijump_SKJWEBHttps_Pool" } } }

 

I've set up a Datagroup list with the IP's in it. I just need assistance allowing only the ips in group to the site, while sending all others to the simple website down page. I have an irule for that also.

 

application delivery
devops
iRules

2 Replies

  • John_Alam_45640's avatar
    John_Alam_45640
    Historic F5 Account
    Feb 24, 2014
    Can you re-post your question. This time add a couple of empty lines before and after your iRule, then highlight the irule and press CTRL-K.
  • Thomas_Gobet's avatar
    Thomas_Gobet
    Icon for Nimbostratus rankNimbostratus
    Feb 25, 2014

    You can add the data group condition at the first line of your iRule.

    For example : 

    when HTTP_REQUEST {
    if { not ( [class match [IP::client_addr] equals my_ip_datagroup] ) } {
        reject
    } 
    switch -glob [string tolower [HTTP::uri]] { 
        "/jumper" { 
            pool tango.golf_TGIIS_Https_Pool 
            log local0. "redirect irule pool tango.golf_TGIIS_Https_Pool" 
        } 
        "/" - "/annie" - "/bugg" - "/charles" - "/dog" - "/fashion" - "/golf" - "/harry" - "/ink" - "/jonas" - "/kegg" - "/limber" - "/micro" - "/nosehair" - "/orange" - "/pinky" - "/queen" - "/romeo" - "/survey" - "/tango" - "/useless" - "/valve" - "/whiskey" - "/xray" - "/yonkers" - "/zulu" - "/poolball*" { 
            pool waterpolo_WPIIS_Https_Pool 
            log local0. "redirect irule pool waterpolo_WPIIS_Https_Pool" 
        } 
        default { 
            pool skijump_SKJWEB_Https_Pool 
            log local0. "redirect irule pool skijump_SKJWEBHttps_Pool" 
        } 
    }
}