Forum Discussion
simple iRule for restricting access
I am using a simple iRule to restrict access and give a message as follows:
when HTTP_REQUEST {
if {[matchclass [IP::remote_addr] equals $::ip_list]}
{[HTTP::respond 200 content "Sorry
This is a restricted site"]
}
else {
pool web_pool
}
}
This iRule works fine with an http virtual server.
However when i create a simple https virtual server with a simple client ssl profile I get a connection reset.
Am I missing something obvious?
I have tried with version 9.4 and version 9.2.4
thx
2 Replies
- Try taking away the brackets from around the HTTP::respond command
when HTTP_REQUEST { if {[matchclass [IP::remote_addr] equals $::ip_list]} { HTTP::respond 200 content "SorryThis is a restricted site" } else { pool web_pool } }
brackets should only be used when you are executing a "get" type command where you are expecting the results to be returned into a variable.use brackets to return value set host [HTTP::host] do not use brackets when setting or calling a command HTTP::host "www.foo.com"
As for why this isn't working with a SSL profile, you'll need to make sure you have SSL setup correctly to decrypt the content. Try adding a log statement to the code to try to diagnose the issues.when HTTP_REQUEST { log local0. "client address: [IP::remote_addr]" if {[matchclass [IP::remote_addr] equals $::ip_list]} { log local0. "Client is bad, sending http response message..." HTTP::respond 200 content "SorryThis is a restricted site" } else { log local0. "Client is good, passing along to pool web_pool" pool web_pool } }
Then look in your /var/log/ltm file to see what comes up. Odds are by looking at the output you'll get it figured out.
-Joe
-Joe - I took out the brackets and everything works fine.
thanks.
