DM_5174
Feb 13, 2012Nimbostratus
POSSBILE BUG WITH MATCHCLASS ON LTM??
Hi All,
I have an issue that does not make any sense since the same code works for another
irule when applied to a different virtual server.
Below is a maintenance redirect i-rule and below are the objective.
OBJECTIVE: Allow IP not defined in the data-group to get maintenance page, and if your IP matches what is in the data group, you do NOT get sent to the maintenance page.
1. If your source IP address DOES match either "199.200.99.150" or "199.200.99.151", then skip the redirect to maintenance page and go to WEB_POOL1 if your URI matches "/app.." if not then you go to the default WEB_POOL2.
2. If, however your IP address DOES NOT match what is in the "CORPORATE-ISP" datagroup, you will get redirected to "http://www.mysite.com/maintenance/maintenance.htm"
PROBLEM:
The problem here is if your source IP address matches what is in the Corporate-ISP data group, you still get redirected to the "http://www.mysite.com/maintenance/maintenance.htm" Page.
Can anyone please let me know what i am doing wrong or if there is a better way of doing this?
LOGS FROM LTM
Feb 11 15:53:06 tmm tmm[933]: Rule MAINTENANCE-IRULE : 200.22.196.190 matched an allowed host.
Feb 11 15:53:06 tmm tmm[933]: Rule MAINTENANCE-IRULE : 163.152.231.212 matched an allowed host.
Feb 11 15:53:11 tmm tmm[933]: Rule MAINTENANCE-IRULE : 68.12.196.178 matched an allowed host.
class CORPORATE-ISP {
host 199.200.99.150
host 199.200.99.151
when HTTP_REQUEST {
Check if client host IP is in the datagroup or not, if not then redirect
if {!([matchclass [IP::client_addr] equals $::CORPORATE-ISP])}{
log local0. "[IP::client_addr] matched an allowed host."
HTTP::redirect "http://www.mysite.com/maintenance/maintenance.htm"
} else {
set stime 10
switch -glob [string tolower [HTTP::uri]] {
"/app1*" -
"/app2*" -
"/app3*" -
"/app4*" -
"/app5*" -
"/app6*" -
"/app7*" -
"/app8*" -
"/app9*"
{ pool WEB_POOL1 }
default { pool WEB_POOL2 }
}
}
}