Forum Discussion

Sabir_Alvi's avatar
Icon for Altocumulus rankAltocumulus
Mar 08, 2018

Single iRule for multiple customers to whitelist blacklist via data group

We have been using separate whitelist/blacklist for each customer so far, since we used separate VIP for each customer. But we are now planning to move to single VIP configuration to handle traffic for all customers for which we have the iRule in our test lab which works fine for our requirement.

However we would also like to have one common iRule for whitelist/blacklist that can be handle traffic via data group, to avoid editing iRule for every new customer addition. Please suggest syntax for the same.

    if { ([matchclass [string tolower [HTTP::host][HTTP::uri]] contains "Customer1_Blacklist_URLs"]) and ([matchclass [IP::remote_addr] equals "Customer1_Blacklist_IPs"]) } { HTTP::respond 403 }

    if{ ([matchclass [string tolower [HTTP::host][HTTP::uri]] contains "Customer2_Blacklist_URLs"]) and ([matchclass [IP::remote_addr] equals "Customer2_Blacklist_IPs"]) } { HTTP::respond 403 }

1 Reply

  • I recommend to configure only one datagroup, with customer name in value.


    Then, in class match command, add -value parameter to return the value instead of 0/1


    Finally, check if the value equals (or contains) the customer name!