Forum Discussion
tacobell_112236
Nimbostratus
NimbostratusRedirect Based on IP
Hello all- Im a newbie- can someone assist .
I need to create an Irule wheras specefic URL's can only be accessed based on IP address(s) and if not on the IP range I need to redirect to another URL .
/axampleherAdmin
/plusprods
/NAACP/admin
/ESPN/admin
/Production/registry
I know I can use datagroup names but not sure how. I found an IRule that is what I need except I dont know how to manipulate it to do what I need any guidance is appreciated.
IRule : http://devcentral.f5.com/wiki/defau...rHost.html
12 Replies
- Chris_Miller
Altostratus
If you'd like to use data groups, I'd recommend creating a string-type group containing the URIs (in lowercase) and going from there. Also, you could consider doing a data group for the IP addresses if there's multiple ranges. From there, it'd be something like this:when HTTP_REQUEST { if { [class match [string tolower [HTTP::uri]] eq uri_datagroup] and [class match [IP::client_addr] ne address_datagroup] } { HTTP::redirect "http://www.example.com" } }
Basically, if their URI exists in the data group but their IP address doesn't, send them a redirect. 
tacobell_112236Im sorry I dont understand what you mean?
First - do I use the template desscirbed here http://devcentral.f5.com/wiki/defau...rHost.html ?
Then modify the irule based on what you have written?
Also I cant find any info on string type data groups. Care to send me links so I can read up please.- Chris_MillerI assume the rule I wrote would be exactly what you need. You can find "data groups" in the GUI by going to Local Traffic > iRules > Data Groups. When you create a new one, you can make it "string" or "address." My iRule assumes you make one "string" data group called "uri_datagroup" and one "address" data group called "address_datagroup."
- tacobell_112236
yes its exact;y what i need . I understand the creation of the datagroups but can you clarify...can I use only your rule or do I need to use something else in conjunction with your rule?
ne address_datagroup] ---id this correct "ne"?? - Chris_MillerMy iRule should be all you need. ne means not equal. That should work fine. If not, I'll change the syntax.
- tacobell_112236I get an error:
01070151:3: Rule [IRule_Redirect_tests] error: line 2: [undefined procedure: class] [class match [string tolower [HTTP::uri]] eq uri_datagroup]
did I mention its version 9?? - Chris_MillerV9 is a bit different. Try this
when HTTP_REQUEST { if { [matchclass [string tolower [HTTP::uri]] eq uri_datagroup] and [matchclass [IP::client_addr] ne address_datagroup] } { HTTP::redirect "http://www.example.com" } } 
hoolioCirrostratus
One small suggestion:
I didn't think matchclass or class accept the ne operator. If they don't, you can negate the command status using not or !:when HTTP_REQUEST { if { [matchclass [string tolower [HTTP::uri]] eq uri_datagroup] and not ([matchclass [IP::client_addr] eq address_datagroup]) } { HTTP::redirect "http://www.example.com" } }
Aaron- Chris_MillerAaron - I thought about using ! but assumed it would support "ne" since it supports "eq." Any idea why it's not supported?
- hoolioHere's the wiki page entry for this:
http://devcentral.f5.com/wiki/default.aspx/iRules/class
The for both of the above forms can be:
equals, starts_with, ends_with, contains
I'm not sure why ne doesn't work. It seems like it would be a simple change. If you'd like this added, you could make a feature request. Your request as a customer might have more weight than mine :)
Aaron
