For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

uid01040_95184's avatar
uid01040_95184
Icon for Nimbostratus rankNimbostratus
Mar 06, 2009

Referencing Sourc-IP of Pool-Members

Hi,     I have to check if the source-ip of a http-request   matches any member node of a given pool; is there a way to do this without comparing the source-ip to a list of strings co...
application delivery
dev
devops
iRules
hoolio's avatar
hoolio
Icon for Cirrostratus rankCirrostratus
Mar 06, 2009
Hi,

What are you trying to accomplish? Do you want to check if the source IP address is the same as the selected pool member's IP address? Or do you want to check if any member of the pool is the source IP address? Or something entirely different?

For the former, you could use: 

  
 when LB_SELECTED {  
     This event is triggered when a load balancing decision has been made  
  
     Check if the client IP address is the selected pool member IP address  
    if {[IP::addr [IP::client_addr] equals [LB::server addr]}{  
  
        client IP is the same as the server IP  
    }  
 }

To check if the client IP address is part of the pool, you could use a rule like this. I'm guessing that the pool member port would be the same as the virtual server port. If that's not the case, you could hardcode the port assuming it's the same for all pool members. 

  
 when CLIENT_ACCEPTED {  
     Check if client IP:VIP port exists in the pool and is marked up  
    if {[LB::status pool [LB::server pool] member [IP::client_addr] [TCP::local_port]] eq "UP"}{  
  
        The client IP is in this pool and marked up  
    }  
 }

If neither of these examples is close to what you're trying to do, can you elaborate?

Thanks,

Aaron