Forum Discussion
DM_5174 (Nimbostratus)
Feb 13, 2012
POSSIBLE BUG WITH MATCHCLASS ON LTM??
Hi All,
I have an issue that does not make any sense, since the same code works for another iRule when applied to a different virtual server.
Below is a maintenance redirect iRule, and below is the objective.
OBJECTIVE: Allow IPs not defined in the data group to get the maintenance page, and if your IP matches what is in the data group, you do NOT get sent to the maintenance page.
1. If your source IP address DOES match either "199.200.99.150" or "199.200.99.151", then skip the redirect to the maintenance page and go to WEB_POOL1 if your URI matches "/app.."; if not, then you go to the default WEB_POOL2.
2. If, however, your IP address DOES NOT match what is in the "CORPORATE-ISP" data group, you will get redirected to "http://www.mysite.com/maintenance/maintenance.htm".
PROBLEM:
The problem here is that if your source IP address matches what is in the CORPORATE-ISP data group, you still get redirected to the "http://www.mysite.com/maintenance/maintenance.htm" page.
Can anyone please let me know what I am doing wrong or if there is a better way of doing this?
LOGS FROM LTM
Feb 11 15:53:06 tmm tmm[933]: Rule MAINTENANCE-IRULE : 200.22.196.190 matched an allowed host.
Feb 11 15:53:06 tmm tmm[933]: Rule MAINTENANCE-IRULE : 163.152.231.212 matched an allowed host.
Feb 11 15:53:11 tmm tmm[933]: Rule MAINTENANCE-IRULE : 68.12.196.178 matched an allowed host.
    class CORPORATE-ISP {
        host 199.200.99.150
        host 199.200.99.151
    }

    when HTTP_REQUEST {
        # Check if client host IP is in the datagroup or not, if not then redirect
        if {!([matchclass [IP::client_addr] equals $::CORPORATE-ISP])} {
            log local0. "[IP::client_addr] matched an allowed host."
            HTTP::redirect "http://www.mysite.com/maintenance/maintenance.htm"
        } else {
            set stime 10
            # URIs starting with /app1 through /app9 go to WEB_POOL1
            switch -glob [string tolower [HTTP::uri]] {
                "/app1*" -
                "/app2*" -
                "/app3*" -
                "/app4*" -
                "/app5*" -
                "/app6*" -
                "/app7*" -
                "/app8*" -
                "/app9*" { pool WEB_POOL1 }
                default { pool WEB_POOL2 }
            }
        }
    }
- hoolio (Cirrostratus): Hi DM,
- DM_5174 (Nimbostratus): Hi Aaron,
- hoolio (Cirrostratus): For 9.3.x, I think you'll have an issue with the hyphen in the data group name. You can either escape it with curly braces:
- DM_5174 (Nimbostratus): Thanks so much Aaron! We will try this and see if that works. I agree with you on the upgrade, but unfortunately we will need to
- DM_5174 (Nimbostratus): Hi Aaron,
- DM_5174 (Nimbostratus): Hi Aaron or anyone -
- nitass (Employee): Is there another way of doing this without

        when HTTP_REQUEST {
            if {not ([IP::addr [IP::client_addr] equals 199.200.99.150]) and \
                not ([IP::addr [IP::client_addr] equals 199.200.99.151])} {
                log local0. "do"
            } else {
                log local0. "do something else"
            }
        }

- DM_5174 (Nimbostratus): Hi Nitass,

        when HTTP_REQUEST {
            # Check if client host IP is in the datagroup or not, if not then redirect
            if {not ([IP::addr [IP::client_addr] equals 199.200.99.150]) and \
                not ([IP::addr [IP::client_addr] equals 199.200.99.151])} {
                HTTP::redirect "http://www.mysite.com/maintenance/maintenance.htm"
            } else {
                set stime 10
                switch -glob [string tolower [HTTP::uri]] {
                    "/app1*" -
                    "/app2*" -
                    "/app3*" -
                    "/app4*" -
                    "/app5*" -
                    "/app6*" -
                    "/app7*" -
                    "/app8*" -
                    "/app9*" { pool WEB_POOL1 }
                    default { pool WEB_POOL2 }
                }
            }
        }

- nitass (Employee): Yes, it looks fine for me. :-)
- hoolio (Cirrostratus): It is redirecting all users, even if the user is coming from a host that matches the IP address listed in the data group to the maintenance page.
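
The hyphen issue raised in the thread, as an added example that is not code from the thread or from F5: under plain tclsh, `$name` substitution ends the variable name at the hyphen, while `${name}` takes the whole name. `in_group`, `decide`, `report` and the `placeholder` value are assumptions standing in for the iRule's `matchclass` check; the script shows standard Tcl parsing only, not how BIG-IP 9.3.x itself reacts.

```tcl
# Runs under plain tclsh; no BIG-IP commands are used.
# Constructed data: the two hosts from the thread's data group, stored in a
# global variable whose name contains a hyphen.
set {::CORPORATE-ISP} {199.200.99.150 199.200.99.151}

# Hypothetical stand-in for the data group lookup (not BIG-IP's matchclass).
proc in_group {addr group} {
    return [expr {[lsearch -exact $group $addr] >= 0}]
}

# Evaluate one spelling of the check at global scope and return the branch
# the maintenance rule would take, or the Tcl error the check raises.
proc decide {addr check} {
    set ::addr $addr
    if {[catch {uplevel #0 $check} allowed]} {
        return "error: $allowed"
    }
    return [expr {$allowed ? "pool" : "redirect"}]
}

# Unbraced: $-substitution ends the name at the hyphen, so Tcl reads
# ::CORPORATE and appends the literal text "-ISP".
set unbraced {in_group $::addr $::CORPORATE-ISP}
# Braced: the braced form takes every character up to the closing brace as the name.
set braced {in_group $::addr ${::CORPORATE-ISP}}

proc report {label} {
    # One address from the data group, one from the thread's log lines.
    foreach addr {199.200.99.150 200.22.196.190} {
        puts "$label $addr unbraced -> [decide $addr $::unbraced]"
        puts "$label $addr braced   -> [decide $addr $::braced]"
    }
}

# Case 1: no variable named ::CORPORATE exists, so the unbraced check errors.
report "case 1:"

# Case 2: an unrelated ::CORPORATE exists (constructed value). The unbraced
# check now runs without error but compares against "placeholder-ISP", so no
# address ever matches.
set ::CORPORATE placeholder
report "case 2:"
```

Case 2 is the one to watch for in an allowlist: the check fails silently, and which way it fails (everyone redirected, or everyone admitted) depends only on how the surrounding `if` is written.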