Hi Oninicus,
its also possible to use [class match] for the IP comparsion. But keep in mind, that [class match] requires LTM data-groups to store the allowed IP adresses / subnets.
The [class match] code would look like this...
Datagroup:
ltm data-group internal YOUR_DATA_GROUP {
records {
116.213.0.0/16 { }
141.113.128.0/19 { }
}
type ip
}
iRule:
when HTTP_REQUEST {
if { [string tolower [HTTP::uri]] eq "/login" } then {
if { [class match [IP::client_addr] equals YOUR_DATA_GROUP] } then {
Let the request pass...
} else {
HTTP::respond 403 content "Access Denied"
}
} else {
Let the request pass...
}
}
Cheers, Kai