Forum Discussion
TMcGov_92811
Nimbostratus
NimbostratusUsing matchclass to check Source IP with HTTP_REQUEST?
F5 Posting
Hi,
With this iRule I am hoping to direct certain Source IP addresses to Pool-A while directing other HTTP Requests based on URIs to other pools. The syntax is valid, but the iRule doesn't work for any of the conditions. If I remove the first "matchclass" portion the rest of the iRule works. I suspect that using "matchclass" to inspect a client_addr doesn't work with the "HTTP_REQUEST" event. But when I tried to nest the HTTP_REQUEST as part of the original CLIENT_ACCEPTED (in order to use matchclass successfully) the syntax was marked invalid. Will I need two seperate IRules to accomplish this ? One with
the "CLIENT_ACCEPTED" event then a second with the "HTTP_REQUEST" event ?
Combined iRule that doesn't work:
when HTTP_REQUEST {
if { [matchclass $::testips contains [IP::client_addr]] } {
pool poolA
} else {
if { [HTTP::uri] contains "/cf/" or [HTTP::uri] contains "/hf/"} {
pool poolB
} elseif {
[HTTP::uri] contains "/asweb/"} {
pool poolC
} elseif {
[HTTP::uri] contains "/vh/"} {
pool poolD
} else {
pool poolE }
}
}
Individual ones that work seperately:
********************************************************************************
when HTTP_REQUEST {
if { [HTTP::uri] contains "/cf/" or [HTTP::uri] contains "/hf/"} {
pool poolB
} elseif {
[HTTP::uri] contains "/asweb/"} {
pool poolC
} elseif {
[HTTP::uri] contains "/vh/"} {
pool poolD
} else {
pool poolE }
}
}
********************************************************************************
when CLIENT_ACCEPTED {
if { [matchclass $::testips contains [IP::client_addr]] } {
pool poolA
} else {
pool poolE }
}
hoolioCirrostratus
Hi,
I think this might implement the logic you're looking for. If not, try adding logging to the iRule and then modify it as you require.when CLIENT_ACCEPTED { Check if the client IP is in the testips datagroup if { [matchclass [IP::client_addr] equals $::testips] } { Select poolA and track that we've selected a pool pool poolA set pool_selected 1 } else { Continue checking the URI to select a pool set pool_selected 0 } } when HTTP_REQUEST { Check if the pool has already been selected if {$pool_selected}{ Exit this event in this rule return } else { Check the requested path switch -glob [HTTP::path] { "*/cf/*" - "*/hf/*" { pool poolB } "*/asweb/* { pool poolC } "*/vh/* { pool poolD } default { pool poolE } } } }
Aaron- hoolioIf you aren't and don't plan to add other iRules to this VIP, you could replace the pool_selected variable logic and just disable the HTTP_REQUEST event for clients who are in the datagroup. This would apply to all iRules on the VIP though.
when CLIENT_ACCEPTED { Check if the client IP is in the testips datagroup if { [matchclass [IP::client_addr] equals $::testips] } { Select poolA pool poolA Disable the HTTP_REQUEST event for this TCP connection as it isn't needed event HTTP_REQUEST disable } } when HTTP_REQUEST { Check the requested path switch -glob [HTTP::path] { "*/cf/*" - "*/hf/*" { pool poolB } "*/asweb/* { pool poolC } "*/vh/* { pool poolD } default { pool poolE } } }
Aaron