For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ranvir_Floura_7's avatar
Ranvir_Floura_7
Icon for Nimbostratus rankNimbostratus
Mar 25, 2009

redirect based on source ip address

Need a little help in coming up with an iRule where if the client IP matches i want it going to a pool, if not just redirect to a url. I am missing something here     when CLIENT_ACCEPTED ...
application delivery
dev
devops
iRules
dennypayne's avatar
dennypayne
Icon for Employee rankEmployee
Apr 15, 2009
The wiki says - "Use of IP::addr is not necessary if matchclass command is used to perform the address-to-address comparison" but nonetheless you may want to try: 

 
 if { [matchclass IP:addr[IP::client_addr] equals $::relay_hosts_allowed]} {

The rule looks fine though...so long as LTM has a route to whatever you are trying to get to (or is directly connected) then it should forward the packet.

You could add some logging to see if you're not matching for some reason: 

 
 when CLIENT_ACCEPTED { 
   if { [matchclass [IP::client_addr] equals $::relay_hosts_allowed]} { 
     log local0. "[IP::client_addr] matched an allowed host." 
     forward 
     } else { 
     log local0. "[IP::client_addr] didn't match, dropping" 
     drop 
   } 
 }

Denny