For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Moayad_Hamdan_3's avatar
Moayad_Hamdan_3
Icon for Nimbostratus rankNimbostratus
Dec 04, 2016
Solved

URL and IP check iRule

Hi all i have the following code:

when CLIENT_ACCEPTED {
  set poolDefault [LB::server pool] 
} 
when HTTP_REQUEST {
  set path [string tolower [HTTP::path]]
  if { $path contains "/g2b"} {
    pool G2B_Pool
  } elseif { $path contains "/portal/g2c"} {
      pool G2C_Pool
  } else {pool B2B_Pool}
}

i want to add this----->elseif { $path contains "/_layout/15"} and (IP=10.10.10.10 or ip=10.10.10.11) {pool G2b_Pool}

how to add it in the code?

application delivery
BIG-IP
devops
iRules
  • VernonWells's avatar
    VernonWells
    Dec 04, 2016

     

    when HTTP_REQUEST {
    switch -glob [HTTP::path] {
        "*/g2b*" { pool G2B_Pool }
        "*/portal/g2c*" { pool G2C_Pool }
        "*/_layout/15*" {
            if { [IP::client_addr] matches_glob "10.10.10.1\[01\]" } {
                pool G2B_Pool
            }
        }
    }
}

     

    I removed the CLIENT_ACCEPTED code because, unless poolDefault is actually utilized elsewhere. I also removed the default branch (the else clause in the original code). If the pool associated with the Virtual Server is already set to B2B_Pool, then the default branch is redundant. Finally, I removed the string tolower for the path. Whether it makes sense depends on the path semantics for the webserver. See the Analysis section in this recipe for more details: