Whitelist Blacklist iRule using data group for multiple clients
We are testing a single-VIP configuration in our test lab, where a single public IP will be assigned to multiple clients, using an iRule with a data group.
The iRule looks like this:
    when HTTP_REQUEST {
        set pool [class match -value -- [HTTP::host] equals test_url]
        if {$pool ne ""} {
            pool $pool
        }
    }
test_url is a data group which has strings mapped to the appropriate pools of each client.
For example, string client1.com is mapped to pool client1.net.
String client2.com is mapped to pool client2.net.
Now the issue is we want to include a whitelist/blacklist for these clients in the same iRule if possible, or even a separate iRule would be OK. Could someone suggest the syntax for whitelisting/blacklisting based on a client string and remote IP pair in a data group?
For example, if the string has client1 and matches dg_whitelist_1, allow.
If the string has client2 and matches dg_whitelist_2, allow.
If the string has client3 and matches dg_blacklist_1, deny.
There are also clients with no whitelist/blacklist, so it should work just fine for them within the same iRule.
You should be able to validate the client IP as follows: [IP::addr [IP::client_addr]/8 equals 10.0.0.0]
You may put the value 10.0.0.0 in the whitelist data group and check its value for comparison.
Further details: https://devcentral.f5.com/wiki/iRules.IP__addr.ashx
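One way to combine the host-to-pool lookup with per-client allow and deny lists in a single iRule, as an added example that is not part of the original thread. It assumes a second string data group named test_url_acl (hypothetical) whose values take the form allow:<address data group> or deny:<address data group>, and that dg_whitelist_1, dg_whitelist_2 and dg_blacklist_1 are address-type data groups; hosts with no entry in test_url_acl are not restricted.

```tcl
when HTTP_REQUEST {
    # Lowercase the Host header so lookups do not depend on client casing.
    set host [string tolower [HTTP::host]]

    # Assumed layout of the hypothetical string data group test_url_acl:
    #   client1.com := allow:dg_whitelist_1
    #   client2.com := allow:dg_whitelist_2
    #   client3.com := deny:dg_blacklist_1
    # Hosts with no record here have no IP restriction.
    set acl [class match -value -- $host equals test_url_acl]

    if { $acl ne "" } {
        set mode [getfield $acl ":" 1]
        set dg   [getfield $acl ":" 2]

        # Fail closed if the ACL record is malformed or names a missing data group.
        if { ($mode ne "allow" && $mode ne "deny") || ![class exists $dg] } {
            log local0.warning "ACL record '$acl' for $host is invalid, rejecting [IP::client_addr]"
            HTTP::respond 403 content "Forbidden"
            return
        }

        # With an address-type data group, "equals" matches host and subnet records.
        set hit [class match -- [IP::client_addr] equals $dg]

        # allow list: block when the source is NOT listed
        # deny list:  block when the source IS listed
        if { ($mode eq "allow" && !$hit) || ($mode eq "deny" && $hit) } {
            log local0.info "Denied [IP::client_addr] for $host ($mode list $dg)"
            HTTP::respond 403 content "Forbidden"
            return
        }
    }

    # Pool selection as in the rule from the question.
    set pool [class match -value -- $host equals test_url]
    if { $pool ne "" } {
        pool $pool
    }
}
```

Keeping the allow/deny mapping in a data group means a new client restriction is a data group change rather than an iRule edit, and an invalid record blocks traffic for that host instead of silently skipping the check.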