For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Spidey_29396's avatar
Spidey_29396
Icon for Nimbostratus rankNimbostratus
May 20, 2012

scan comman line meaning

Hi All,

 

 

I'm new with irule. Does any one knows what this line means?

 

 

 

if {[scan [IP::remote_addr] {%*d.%*d.%*d.%d%%%*d} s4] != 1} { reject }

 

 

 

 

 

Appreciate much for your answers.

 

 

 

Thank you!

 

application delivery
dev
devops
iRules

4 Replies

  • John_Alam_45640's avatar
    John_Alam_45640
    Historic F5 Account
    May 24, 2012
    I don't have a ton of experience with the TCL scan command but, here is my 2 cents:

     

     

    It seems like this command parses the last octet from an IP address. If this command is executed in a client side event, then the remote addr is the client IP address. If it executes in a server side event, then the remote addr is the server IP address.

     

     

    Either way, the scan command seems to be pulling the last octect and checking if it is a decimal number. that decimal is then put into the variable S4.

     

     

    There must be more to this though because, what else would the [IP::remote_addr] return besides a series of numbers.

     

     

    HTH.
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    May 31, 2012
    I think the intent of the scan command is to check if the remote IP address has a route domain in the format of 1.1.1.1%1 where each 1 could be any digit(s).

     

     

    Aaron