Forum Discussion
monstaloc_63499
Nimbostratus
NimbostratusPlease help with Not and OR
Hey everyone, first post, not my first iRule, but not my millionth either.
I'm trying to say, if the source IP is not listed in Datagroup1, OR datagroup2, redirect.
when HTTP_REQUEST {
if { not( [ matchclass [IP::client_addr] equals $::Datagroup1]) or not ([ matchclass [ IP::client_addr] equals $::datagroup2 ) } {
log "blocked request for [HTTP::uri] by [IP::client_addr]"
HTTP::redirect "http://redirectURL.com/"
return
}
}
It looks like the IPs that match Datagroup1 work, but not Datagroup2. Can someone help me with my syntax? Probably so easy for the gurus out there, but it's driving me nuts! LOL. Thanks again.
monstaloc_63499On more thing, Datagroup1 is the partition I have access to, datagroup2 is in the "common" partition. Is this going to make a difference?
Joel_MosesWhat version of TMOS are you using?- monstaloc_63499Is the TMOS the same as the "firmware" ..if so then...
10.2.3 Build 123.37 - Joel_MosesOkay. You can certainly use the "matchclass" command do do this, but the better command to use is just "class". And when you're doing your comparison, you can group everything in the "not". Something like this:
when HTTP_REQUEST { if { not ([class match [IP::client_addr] equals $::Datagroup1] || [class match [IP::client_addr] equals $::datagroup2]) } { log "blocked request for [HTTP::uri] by [IP::client_addr]" HTTP::redirect "http://redirectURL.com/" return } } - monstaloc_63499Thanks so much Joel. I knew it was something like that. I have not been able to find examples of 2 not statements and this worked. On a side note, I also found out that Datagroup1, (which real name is COMMON-XXX_XXX) violates a naming convention as the F5 thinks "COMMON" is some type of keyword.
- can't read "::COMMON": no such variable while
executing "matchclass [ IP::client_addr] equals $:: COMMON-XXX_XXX" - Joel_MosesIt's the hidden stuff that'll get you every time... Glad to help!