Forum Discussion

Altostratus

Feb 24, 2014

Using 2 different Data Groups to control traffic to a Virtual Server in an iRule

I am trying to determine the best way to modify an iRule that I am using to control access to a specific Virtual Server. Currently the iRule is as follows: when HTTP_REQUEST { if { not [class mat...

Employee

Feb 24, 2014

Try this:

when HTTP_REQUEST {
    if { [class match [IP::addr] equals BlacklistedAddresses] } {
        HTTP::respond 403 content "403 - Forbidden"
    } elseif { not ( [class match [IP::client_addr] equals trustedAddresses] ) } {
        HTTP::respond 403 content "403 - Forbidden"
         event HTTP_REQUEST disable
    }
}

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Using 2 different Data Groups to control traffic to a Virtual Server in an iRule

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

ASM/AWAF declarative policy

Help with SSH Virtual Server

GRE Tunnel Issue

Help with an iRule to disconnect active connections to Pool Members that are "offline"

Related Content

The Ingress NGINX Alternative: F5 NGINX Ingress Controller for the Long Term

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

JWT authorization with NGINX Ingress Controller

Why K8s Egress Traffic Policy Control is Critical to Security Architecture- Part 1

Overview of MITRE ATT&CK Tactic - TA0011 Command and Control

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS