For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Tom_Bortels_112's avatar
Tom_Bortels_112
Icon for Nimbostratus rankNimbostratus
Dec 29, 2013

reject not rejecting?

I have to be missing something simple here... setting up a new irule to do a simple whitelist. Here's the whole thing (stolen shamelessly from somewhere else on DevCentral): when HTTP_REQUEST { ...
application delivery
devops
iRules
nitass_89166's avatar
nitass_89166
Icon for Noctilucent rankNoctilucent
Dec 30, 2013

the irule is executing, but the "reject" isn't seemingly rejecting. I tried "discard" and "drop", same behavior.

 

can you try CLIENT_ACCEPTED instead of HTTP_REQUEST?

 

HTTP::respond gave me back an error about HTTP or ICAP profiles that I can't seem to find any docs on.

 

have you assigned http profile to the virtual server?

 

Tom_Bortels_112's avatar
Tom_Bortels_112
Icon for Nimbostratus rankNimbostratus
Dec 30, 2013
CLIENT_ACCEPTED has the same behavior - it logs that the connection is denied, but I still get back the content to the client. The virtual server profile is "fasthttp" - the only one visible in the dropdown. Here's the actual config (slightly censored): ltm virtual /Common/test { description "test for bortels" destination /Common/63.xx.xx.xx:80 ip-protocol tcp mask 255.255.255.255 pool /Common/testweb profiles { /Common/fasthttp { } } rules { /Common/trusted_ips_only } source 0.0.0.0/0 translate-address enabled translate-port enabled }