sniffer_375425
Jan 28, 2019

Source IP and match http host

Hello everyone,

I am totally new to F5 and I have problems creating an iRule for my situation. I hope you can help me with it.

I need to configure my F5 for the following case:

If the HTTP host contains abc.abc.com and the source IP matches a data group list, forward to some pool, but I need to use one iRule and one VS for more services:

Example: if http::host is abc.abc.com, check the source, and if it is IP 1.1.1.1, redirect to pool test_pool.

But I need more checks in the same iRule:

If http::host is xxx.yyy.com, check the source, and if it is IP 2.2.2.2, redirect to pool test_pool, and so on.

I created something like this:

when HTTP_REQUEST {

if { [HTTP::host] contains "abc.abc.com" } then {
    if { [class match [IP::remote_addr] equals test_user] } then {
        pool test_pool }
} elseif { [HTTP::host] contains "xxx.yyy.com" } then {
    if { [class match [IP::remote_addr] equals test_user] } then {
        pool test_pool }
}

}

But it is not working. Can you please help with some explanation of how it can be done?

Thanks in advance.

  • Hi,

     

    There is no condition to check that the client IP is equal to "1.1.1.1" or "2.2.2.2" in your example.

     

    You can try this code instead:

     

    when HTTP_REQUEST {
        switch -glob [string tolower [HTTP::host]] {
            "abc.abc.com" {
                if { [IP::addr [IP::remote_addr] eq "1.1.1.1/32"] } { pool test_pool }
            }
            "xxx.yyy.com" {
                if { [IP::addr [IP::remote_addr] eq "2.2.2.2/32"] } { pool test_pool }
            }   
        }
    }

    To help with debugging the iRule, you can use the "log local0. " command, which sends the trace to the /var/log/ltm log file. More information here: [https://devcentral.f5.com/articles/the101-irules-101-logging-amp-comments]
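One way to combine the host check with a per-host source data group in a single iRule, as an added example that is not part of the thread. The address-type data groups `abc_allowed_src` and `xyz_allowed_src` are assumed names; `test_pool` is the pool from the question. It matches the host exactly and denies anything that does not match instead of letting it fall through to the virtual server's default pool.

```tcl
# Added example, not from the thread. Assumed names: address-type data groups
# abc_allowed_src and xyz_allowed_src; test_pool is the pool named in the thread.
when HTTP_REQUEST {
    # Host is client-supplied: normalise case and drop any ":port" suffix
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # Exact host match selects the data group of permitted source addresses.
    # "contains" would also match names such as abc.abc.com.other.example.
    switch -- $host {
        "abc.abc.com" { set dg "abc_allowed_src" }
        "xxx.yyy.com" { set dg "xyz_allowed_src" }
        default       { set dg "" }
    }

    if { $dg ne "" && [class match [IP::client_addr] equals $dg] } {
        pool test_pool
    } else {
        # Fail closed instead of falling through to the virtual server's default pool
        log local0. "denied host=$host src=[IP::client_addr]"
        HTTP::respond 403 content "Forbidden"
    }
}
```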

     

  • I think that I actually have another problem. Now I tried to configure an iRule that says: if HTTP::host contains abc.abc.com, use test_pool, but it is not working :(

     

    I created a VS with service port 443, protocol TCP, Protocol profile tcp, HTTP Profile http, and SSL Profile (Client) SSS.COM

     

    I created an iRule: when HTTP_REQUEST { if { [HTTP::host] contains "abc.abc.com" } { pool test_pool } }

     

    I have the same VS with the same setup, just instead of forwarding to a pool I am using a redirect to an external URL, and that is working fine.

     

    Please help and tell me what I am doing wrong :(

     

    • Nicolas_DE_2299

      I don't see any issue with your iRule except a case-sensitivity problem. It's a good practice to add "string tolower" to eliminate case in your host comparison.

      If you try with this iRule, do you see the log in /var/log/ltm when a client requests abc.abc.com?

      when HTTP_REQUEST {
        # The opening brace of the body must be on the same line as the condition
        if { [string tolower [HTTP::host]] contains "abc.abc.com" } {
          log local0. "Inside IF, forward to test_pool"
          pool test_pool
        }
      }
      

      If yes, your problem is somewhere else.

    • sniffer_375425

      Yes, I can see the line from the code.

       

      Hmm, now I need to find where the problem is :(

       

      I also see that the connection is established on the VS and that the total executions in the iRule statistics increment.

       

      Thanks for this, Nicolas, and of course if you have an idea of what I can check next, please feel free to write :D :D

       

      Cheers.