For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JP_42120's avatar
JP_42120
Icon for Nimbostratus rankNimbostratus
Dec 02, 2014

Trying to add more restrictions to exiting iRule with flags

Hi, we are trying to additional restrictions based on new IP and URL to existing rule... Below is an example of our current and also NEW iRule. does this look right? is there a better way to do th...
JP_42120's avatar
JP_42120
Icon for Nimbostratus rankNimbostratus
Dec 02, 2014

Combining both methods....

 

new iRule

when HTTP_REQUEST { if { [HTTP::host] starts_with "foo.com" } { If URI match allowed URI's if { [class match [HTTP::uri] starts_with allow_URI_data_group ] } { if { [class match [IP::client_addr] equals allow_address_data_group ] } { pool 80_pool } else { HTTP::redirect "http://deafult-internal.net" } } If URI start with new URI validate allowed IP and send it to the pool or redirect elseif { [class match [HTTP::uri] starts_with new_allow_URI_data_group ] } { if { [class match [IP::client_addr] equals new_allow_address_data_group ] } { pool 80_pool } else { HTTP::redirect "http://deafult-internal.net" } } Redirect all other URI else { HTTP::redirect "http://www.default-external" } } }

 

Brad_Parker's avatar
Brad_Parker
Icon for Cirrus rankCirrus
Dec 02, 2014
Once you start needing that many uri options the data group is the way to go.