Single iRule for multiple customers to whitelist blacklist via data group

Question

We have been using separate whitelist/blacklist for each customer so far, since we used separate VIP for each customer. But we are now planning to move to single VIP configuration to handle traffic for all customers for which we have the iRule in our test lab which works fine for our requirement.
However we would also like to have one common iRule for whitelist/blacklist that can be handle traffic via data group, to avoid editing iRule for every new customer addition. Please suggest syntax for the same.
when HTTP_REQUEST {
    if { ([matchclass [string tolower [HTTP::host][HTTP::uri]] contains "Customer1_Blacklist_URLs"]) and ([matchclass [IP::remote_addr] equals "Customer1_Blacklist_IPs"]) } { HTTP::respond 403 }
}

when HTTP_REQUEST {
    if{ ([matchclass [string tolower [HTTP::host][HTTP::uri]] contains "Customer2_Blacklist_URLs"]) and ([matchclass [IP::remote_addr] equals "Customer2_Blacklist_IPs"]) } { HTTP::respond 403 }
}

stanislas_piro2 · Answer

I recommend to configure only one datagroup, with customer name in value.&nbsp;
Then, in class match command, add -value parameter to return the value instead of 0/1&nbsp;
Finally, check if the value equals (or contains) the customer name!&nbsp;

Forum Discussion

Single iRule for multiple customers to whitelist blacklist via data group

Recent Discussions

self-directed requests fail because of no certificate

Decode ObjectSID from Base64-encode string

iRule - Url rewrite and header replace and pool selection not working

ip x-forwarding

F5 ASM API-Protection Policy

Related Content

Global Blacklist or Whitelist

F5 Distributed Cloud Customer Edge on F5 rSeries – Reference Architecture

Deploying F5 Distributed Cloud Customer Edge in Red Hat OpenShift Virtualization

F5 Distributed Cloud - Customer Edge Site - Deployment & Routing Options

BIG-IP AFM Blacklisting Magic

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS