Forum Discussion

smiley_dba_1116
Jul 14, 2015

Whitelist via FTP

Question: I have created whitelists in the past, but have recently been asked to create a whitelist for FTP clients. The premise of the rule is, if you come from this IP address, get directed to this pool. Else, go to this IP address. Would I have to invoke a client_Accept instead of an HTTP_REQUEST?

when HTTP_REQUEST {
    if {not ([class match [IP::remote_addr] equals Whitelist_Sorry]) } {
        pool some_FTP_Pool
    }
    else {
        pool some_other_FTP_Pool
        log local0. "Condition not matched. Go here.."
    }
}

 class Whitelist_Sorry {
   {
      host 10.10.5.139
      network 172.16.0.0/16
   }
}
  • Yes, if you are only matching on IPs and not switching to different paths etc., CLIENT_ACCEPTED will work.

     

  • So the rule would look something like below?

    when CLIENT_ACCEPTED {
        if {([class match [IP::remote_addr] equals Whitelist_Sorry]) } {
            pool some_FTP_Pool
        }
        else {
            pool some_other_FTP_Pool
            log local0. "Condition not matched. Go here.."
        }
    }
    
  • Yes, assuming that the DataGroup Whitelist_Sorry is of type "address", this should work.

     

  • Hmmm. The else statement is killing it. Any other way to add an else value into this iRule?

    Error:
    01070151:3: Rule [/Common/Whitelist_Test] error: /Common/Whitelist_Test:5: error: [undefined procedure: else][else { 
    pool some_other_FTP_Pool
    log local0. "Condition not matched. Go here.."
    }]
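
The "undefined procedure: else" error above is what Tcl reports when `else` starts its own line: a newline ends the `if` command, so `else` is parsed as a new command name. A form of the rule that loads, as an added example that is not part of the original thread; it reuses the thread's data group and pool names and assumes Whitelist_Sorry is an address-type data group:

```tcl
# Added example, not code posted by any participant in the thread.
# Whitelist_Sorry, some_FTP_Pool and some_other_FTP_Pool are the names used in the thread.
when CLIENT_ACCEPTED {
    # CLIENT_ACCEPTED fires once per accepted connection, before any
    # application data, so it is usable on a non-HTTP virtual server such as FTP.
    if { [class match [IP::remote_addr] equals Whitelist_Sorry] } {
        # Source address is a listed host or falls inside a listed network.
        pool some_FTP_Pool
    } else {
        # "else" must sit on the same line as the closing brace of the
        # "if" body; on a line of its own it is read as a separate command.
        log local0. "Client [IP::remote_addr] not in Whitelist_Sorry, using some_other_FTP_Pool"
        pool some_other_FTP_Pool
    }
}
```

Logging the client address on the non-whitelisted branch gives an audit trail of which sources were sent to the fallback pool.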