Forum Discussion
smiley_dba_1116
Nimbostratus
NimbostratusWhitelist via FTP
Question, I have created whitelist in the past, but have been recently been asked to create a whitelist for FTP clients. THe premise of the rule is, if you come this IP address, get directed to this pool. Else, go to this IP address. Would I have to invoke a client_Accept instead of a HTTP_REQUEST?
when HTTP_REQUEST {
if {not ([class match [IP::remote_addr] equals Whitelist_Sorry]) } {
pool some_FTP_Pool
}
else {
pool some_other_FTP_Pool
log local0. "Condition not matched. Go here.."
}
}
class Whitelist_Sorry {
{
host 10.10.5.139
network 172.16.0.0/16
}
}
5 Replies
arpydaysYes, if you are only matching on IPs and not switching to different paths etc CLIENT_ACCEPTED will work..
smiley_dba_1116So the rule would look something like below?
when CLIENT_ACCEPTED { if {([class match [IP::remote_addr] equals Whitelist_Sorry]) } { pool some_FTP_Pool } else { pool some_other_FTP_Pool log local0. "Condition not matched. Go here.." } }
VernonWellsEmployee
Yes, assuming that the DataGroup Whitelist_Sorry is of type "address", this should work.
- smiley_dba_1116
hmmm. the else statement is killing it. any other way to add a else value into this iRule?
Error: 01070151:3: Rule [/Common/Whitelist_Test] error: /Common/Whitelist_Test:5: error: [undefined procedure: else][else { pool some_other_FTP_Pool log local0. "Condition not matched. Go here.." }] - smiley_dba_1116
Found it. it was the else statement being on its own line. easy fix. thanks guys!
