For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Dave_Marshaloni's avatar
Dave_Marshaloni
Icon for Nimbostratus rankNimbostratus
Mar 22, 2011

Redirect User to different host based on source address

Hello All,

 

 

I'm new to iRules so this question may be stupid or not able to be accomplished.

 

 

We have a website (i.e. www.server.com) that we have. We want our internal users to be directed to a different Pool and everyone else be directed to the default Pool. Can I do that? What would the iRule look like?

 

 

Thanks

 

 

-dave
application delivery
dev
devops
iRules

10 Replies

  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    Mar 22, 2011
    Actually it is a good question and you can do it.

     

     

    The answer to the question depends on how you want to differentiate between internal and external users. Did you want to do it based on the Client IP Address or some other criteria?
  • Dave_Marshaloni's avatar
    Dave_Marshaloni
    Icon for Nimbostratus rankNimbostratus
    Mar 23, 2011
    I would want it based on client IP. For example if they were in either 192.168.1.0/24 or 192.168.2.0/24 subnets send them to a certain pool and the rest go to another pool.

     

     

    Thanks for your help.

     

     

    -dave
  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Mar 23, 2011
    Fun 

    
when CLIENT_ACCEPTED {
    if { [IP::addr[IP::client_addr] eq 192.168.1.0/23] } {
           pool pool_x }
   else { pool pool_y }
         }
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Mar 23, 2011
    Nice work. For IP::addr, I think you need to spell out equals. You could also add multiple IP subnets to an address type datagroup and use the class match command to do the lookup:

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/class

     

     

    Aaron
  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Mar 23, 2011
    Posted By hoolio on 03/23/2011 08:51 AM

     

    Nice work. For IP::addr, I think you need to spell out equals.

     

     

    Aaron

     

    That a TCL thing or an iRules thing? Growing weary of these weird nuances. :-P
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Mar 23, 2011
    Ha... per the expr TCL wiki page, equals don't exist as an operator. So this is an iRule peculiarity.

     

     

    Aaron
  • Dave_Marshaloni's avatar
    Dave_Marshaloni
    Icon for Nimbostratus rankNimbostratus
    Mar 23, 2011
    Thanks so for the code? I have 4 or 5 subnets that I need to included. Can I add them to gether and use OR or some other operator?
  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    Mar 24, 2011
    You could string them together, but it is cleaner to create a Data Group (Under Local Traffic -> iRules -> Data Group List) to put all of your subnets in.

    Create group.

    General Properties:

    Type Address.

    Records:

    Type Network.

    Then modify your iRule to perform a class match (class match is v10. You will need to use matchclass and some different syntax for v9). In this case I named the class: mynetworks. 

    
when CLIENT_ACCEPTED {
if { [class match IP::addr[IP::client_addr] eq mynetworks] } {
pool matching.pool.name
}
else {
pool nonmatching.pool.name
}
}
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Mar 24, 2011
    That's a good explanation. Just one small edit: you don't need to use IP::addr with class commands. 

    
when CLIENT_ACCEPTED {
    if { [class match [IP::client_addr] equals mynetworks] } {
        pool matching.pool.name
    }
    else {
        pool nonmatching.pool.name
    }
}

    Aaron