Forum Discussion
Leonardo_Souza
May 10, 2017
Cirrocumulus
For this case, a datagroup is better for keeping the code simple, and makes it easy to add new IPs or networks. I haven't tried to understand what is wrong with your iRule, as I just wrote a better version.
Here is an iRule with your requirements, with some changes so I could test in my lab:
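    when HTTP_REQUEST {
        # Only requests whose path begins with /admin (case-insensitive) are checked
        if { [string tolower [HTTP::path]] starts_with "/admin" } {
            # Client address is not in the data group: log it and drop the request
            if { not ( [class match [IP::client_addr] equals "datagroup-ip"] ) } {
                log local0. "Client Source IP: [IP::client_addr]:[TCP::client_port]"
                discard
            }
        }
    }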
Just create a data group called datagroup-ip, or any name you want as long as you change the name in the iRule. This is a simple datagroup of type address.
    ltm data-group internal datagroup-ip {
        records {
            10.0.0.30/32 { }
        }
        type ip
    }
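
An added example, not part of the original post and not F5 code: a Python model of the iRule's decision that parses a data-group stanza like the one above, so the allow list can be checked offline before the rule is attached to a virtual server. The function names and the 10.0.1.0/24 record are assumptions made for illustration, and route-domain suffixes (`%N`) are not handled.

```python
import ipaddress
import re

# Constructed sample: the data group from the post plus one network record
# (10.0.1.0/24 is an illustrative assumption, not from the original post).
SAMPLE_CONFIG = """
ltm data-group internal datagroup-ip {
    records {
        10.0.0.30/32 { }
        10.0.1.0/24 { }
    }
    type ip
}
"""

# A record line is an address, optionally with a /prefix, followed by "{".
RECORD_RE = re.compile(r"^[ \t]*([0-9A-Fa-f:.]+(?:/\d+)?)[ \t]*\{", re.MULTILINE)


def parse_datagroup(config_text):
    """Return the records of a type-ip data group as ip_network objects."""
    # A record without a prefix length is treated as a single host.
    return [ipaddress.ip_network(m.group(1), strict=False)
            for m in RECORD_RE.finditer(config_text)]


def irule_action(path, client_ip, allowed_nets):
    """Model the iRule: return 'discard' or 'forward' for one request."""
    # Same test as the iRule: lower-cased path, prefix match on /admin.
    if not path.lower().startswith("/admin"):
        return "forward"
    addr = ipaddress.ip_address(client_ip)
    # A match means the address falls inside any host or network record.
    if any(addr in net for net in allowed_nets):
        return "forward"
    return "discard"


if __name__ == "__main__":
    nets = parse_datagroup(SAMPLE_CONFIG)
    for path, ip in [("/Admin/login", "10.0.0.30"), ("/admin", "10.0.0.31"),
                     ("/admin", "10.0.1.77"), ("/administrator", "192.0.2.1"),
                     ("/index.html", "192.0.2.1")]:
        print(f"{ip:12} {path:16} -> {irule_action(path, ip, nets)}")
```

The `/administrator` case shows that the prefix match also covers sibling paths that merely begin with `/admin`, which is worth knowing when reading the log entries the rule produces.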