Forum Discussion
CirrostratusUsing Multiple iRule s for Client Selection
i have a domain i.e out.abc.com, there are multiple subdomains also hosted on that vip. I am using an Irule for subdomain based switching.
IRule being used for switching is :
switch [HTTP::host] {
out.abc.com { pool out_abc_com }
out2.abc.com { pool out2_abc_com }
out3.abc.com { pool out3_abc_com }
internal.abc.com { pool internal_abc_com }
default { pool default_i2cinc_com}
}
}
The Issue is i have to limit access of subdomain "internal.abc.com" to some internal ips mentioned in data class.
I tried to use Irule for the access but when i apply that access irule it starts rejecting all traffic of that VIP.
Please advice .
Irule Used for access implementation is:
when CLIENT_ACCEPTED {
if { [matchclass [IP::client_addr] equals $::allowedAddresses] }{
forward
} else {
discard
}
}
4 Replies
- Kevin_Stewart
Employee
Since it's specific to the internal pool, why not just combine the logic:when HTTP_REQUEST { switch [string tolower [HTTP::host]] { out.abc.com { pool out_abc_com } out2.abc.com { pool out2_abc_com } out3.abc.com { pool out3_abc_com } internal.abc.com { if { [class match [IP::client_addr] equals allowedAddresses] } { pool internal_abc_com } else { discard } } default { pool default_i2cinc_com} } }
By the way, assuming you're not still on a 9.x box, matchclass is now deprecated and you don't need the "$::" syntax to address data groups. 
Emadalright. let me check with and reply back to you.
ArieAltostratus
1) You'll want to avoid "$::" like the plague if you're on v.11 - it can lead to very nasty problems.
2) Have you considered configuring dedicated VIPs for the subdomains?- Kevin_StewartYou don't use the $:: syntax when accessing data groups in v11, but you would use it to access the static namespace. Some would argue that global variables are generally bad, but they do have their place in some situations.
