Forum Discussion
ahmed_ismail_21
Nimbostratus
Nimbostratuswhy F5 give me this error
looking for close parenthesis}][{($allowed == 0) and ([HTTP::uri] end_with "/register")}]
when CLIENT_ACCEPTED { set allowed 0 if { [ class match -- [whereis [IP::client_addr] country] equals "EG"] or [[ whereis [IP::client_addr] country ] not equals "EG" ] } { set allowed 1 } } when HTTP_REQUEST { if {($allowed == 0) and ([HTTP::uri] end_with "/register")} { HTTP::respond 403 content "Blocked!"} }
guys kindly advise
27 Replies
Yann_DesmarestCirrus
Hi,
You are using end_with but the correct syntax is ends_with :
when CLIENT_ACCEPTED { set allowed 0 if { [class match -- [whereis [IP::client_addr] country] equals "EG"] or [[whereis [IP::client_addr] country ] not equals "EG"] } { set allowed 1 } } when HTTP_REQUEST { if { ($allowed == 0) and ([HTTP::uri] ends_with "/register") } { HTTP::respond 403 content "Blocked!" } }
ahmed_ismail_21Thank you Yann- ahmed_ismail_21Hi Yann, when I applied this iRule to virtual server, the below error message appear to me. Unable to find value_list (EG) referenced at line 3: [class match -- [whereis [IP::client_addr] country] eq "EG"]
Vijay_ESee this: https://devcentral.f5.com/wiki/iRules.whereis.ashx There is a link to the country code: https://www.iso.org/obp/ui/search/code/
Yann_Desmarest_Nacreous
Hi,
You are using end_with but the correct syntax is ends_with :
when CLIENT_ACCEPTED { set allowed 0 if { [class match -- [whereis [IP::client_addr] country] equals "EG"] or [[whereis [IP::client_addr] country ] not equals "EG"] } { set allowed 1 } } when HTTP_REQUEST { if { ($allowed == 0) and ([HTTP::uri] ends_with "/register") } { HTTP::respond 403 content "Blocked!" } }- ahmed_ismail_21Thank you Yann
- ahmed_ismail_21Hi Yann, when I applied this iRule to virtual server, the below error message appear to me. Unable to find value_list (EG) referenced at line 3: [class match -- [whereis [IP::client_addr] country] eq "EG"]
- Vijay_ESee this: https://clouddocs.f5.com/api/irules/whereis.html There is a link to the country code: https://www.iso.org/obp/ui/search/code/
- Yann_Desmarest
Hi,
Just see that the class match cause your error. Try this instead :
when CLIENT_ACCEPTED { set allowed 0 if { [whereis [IP::client_addr] country] equals "EG" } { set allowed 1 } } when HTTP_REQUEST { if { ($allowed == 0) and ([HTTP::uri] ends_with "/register") } { HTTP::respond 403 content "Blocked!" } }- ahmed_ismail_21Hi Yann, your help is appreciated, the below iRule didn't work, means when I opening this URL "test.com/register" which end with /register from Egypt, the website didn't redirect me to test.com/register, plus home page of website didn't open as well. when CLIENT_ACCEPTED { set allowed 0 if { ([whereis [IP::client_addr] country] equals "EG") or (![whereis [IP::client_addr] country ] equals "EG") } { set allowed 1 } } when HTTP_REQUEST { if { ($allowed == 0) and ([HTTP::uri] ends_with "/register") } { HTTP::redirect "http://www.test.com/register"} elseif { ($allowed == 1) and ([HTTP::path] ends_with "/register") } { HTTP::redirect "http://www.test/login"} else {pool test} }
- Yann_Desmarest_
Hi,
Just see that the class match cause your error. Try this instead :
when CLIENT_ACCEPTED { set allowed 0 if { [whereis [IP::client_addr] country] equals "EG" } { set allowed 1 } } when HTTP_REQUEST { if { ($allowed == 0) and ([HTTP::uri] ends_with "/register") } { HTTP::respond 403 content "Blocked!" } }- ahmed_ismail_21Hi Yann, your help is appreciated, the below iRule didn't work, means when I opening this URL "test.com/register" which end with /register from Egypt, the website didn't redirect me to test.com/register, plus home page of website didn't open as well. when CLIENT_ACCEPTED { set allowed 0 if { ([whereis [IP::client_addr] country] equals "EG") or (![whereis [IP::client_addr] country ] equals "EG") } { set allowed 1 } } when HTTP_REQUEST { if { ($allowed == 0) and ([HTTP::uri] ends_with "/register") } { HTTP::redirect "http://www.test.com/register"} elseif { ($allowed == 1) and ([HTTP::path] ends_with "/register") } { HTTP::redirect "http://www.test/login"} else {pool test} }
- Yann_Desmarest_
Hi,
are the exact opposite.([whereis [IP::client_addr] country] equals "EG") or (![whereis [IP::client_addr] country ] equals "EG")You have to remove one of the condition. Because of possible subsequent requests, I suggest to change a little bit your irule. For example :
when HTTP_REQUEST { set allowed 0 if { !([whereis [IP::client_addr] country ] equals "EG") } { set allowed 1 } if { ($allowed == 0) and ([HTTP::path] ends_with "/register") } { HTTP::redirect "http://www.test.com/register" } elseif { ($allowed == 1) and ([HTTP::path] ends_with "/register") } { HTTP::redirect "http://www.test/login" } else { pool test } }- ahmed_ismail_21Hi Yann, First Thank you, but unfortunately didn't work at all even the main website didn't work, means when I tried to open the main website test.com, which match on pool test didn't open, wrap up, the redirect and main page of website didn't work.
- Yann_Desmarest
Hi,
are the exact opposite.([whereis [IP::client_addr] country] equals "EG") or (![whereis [IP::client_addr] country ] equals "EG")You have to remove one of the condition. Because of possible subsequent requests, I suggest to change a little bit your irule. For example :
when HTTP_REQUEST { set allowed 0 if { !([whereis [IP::client_addr] country ] equals "EG") } { set allowed 1 } if { ($allowed == 0) and ([HTTP::path] ends_with "/register") } { HTTP::redirect "http://www.test.com/register" } elseif { ($allowed == 1) and ([HTTP::path] ends_with "/register") } { HTTP::redirect "http://www.test/login" } else { pool test } }- ahmed_ismail_21Hi Yann, First Thank you, but unfortunately didn't work at all even the main website didn't work, means when I tried to open the main website test.com, which match on pool test didn't open, wrap up, the redirect and main page of website didn't work.
- Yann_Desmarest
Hi,
Sorry just published a new version, I saw a mistake in the irule :
can't use empty string as operand of "!" while executing "if { (![whereis [IP::client_addr] country ] equals "EG") } { set allowed 1 }"here the irule :
when HTTP_REQUEST { set allowed 0 if { !([whereis [IP::client_addr] country ] equals "EG") } { set allowed 1 } if { ($allowed == 0) and ([HTTP::path] ends_with "/register") } { HTTP::redirect "http://www.test.com/register" } elseif { ($allowed == 1) and ([HTTP::path] ends_with "/register") } { HTTP::redirect "http://www.test.com/login" } else { pool test } }- ahmed_ismail_21Hi Yann, Thank you for your support, now main website is work, but the URL test.com/register which end with /register didn't work, mean the web page didn't open, whatever I open this URL from Egypt or Not.
- Yann_Desmarest_
Hi,
Sorry just published a new version, I saw a mistake in the irule :
can't use empty string as operand of "!" while executing "if { (![whereis [IP::client_addr] country ] equals "EG") } { set allowed 1 }"here the irule :
when HTTP_REQUEST { set allowed 0 if { !([whereis [IP::client_addr] country ] equals "EG") } { set allowed 1 } if { ($allowed == 0) and ([HTTP::path] ends_with "/register") } { HTTP::redirect "http://www.test.com/register" } elseif { ($allowed == 1) and ([HTTP::path] ends_with "/register") } { HTTP::redirect "http://www.test.com/login" } else { pool test } }- ahmed_ismail_21Hi Yann, Thank you for your support, now main website is work, but the URL test.com/register which end with /register didn't work, mean the web page didn't open, whatever I open this URL from Egypt or Not.
- Yann_Desmarest_
Just to summarize what the irule do :
- if Country=EG and path=/register then redirect to http://www.test.com/register
- if Country!=EG and path=/register then redirect to http://www.test.com/login
- if path!=/register then go to pool test
What is your exact issue now ?
Where is www.test.com located ?
Is it the same VS or another one ?
- ahmed_ismail_21The redirect didn't work, the www.test.com located at Egypt, the same VS. I made test, I located at Egypt, and change redirect to be http://www.test.com/login, and open url which end with /register, but F5 didn't redirect me to www.test.com/login.
- Yann_Desmarest_You should trace http request/response on your computer using httpwatch or fiddler for example. The provided irule works for me in my lab so I believe that you have another issue on your side
- Yann_Desmarest
Just to summarize what the irule do :
- if Country=EG and path=/register then redirect to http://www.test.com/register
- if Country!=EG and path=/register then redirect to http://www.test.com/login
- if path!=/register then go to pool test
What is your exact issue now ?
Where is www.test.com located ?
Is it the same VS or another one ?
- ahmed_ismail_21The redirect didn't work, the www.test.com located at Egypt, the same VS. I made test, I located at Egypt, and change redirect to be http://www.test.com/login, and open url which end with /register, but F5 didn't redirect me to www.test.com/login.
- Yann_DesmarestYou should trace http request/response on your computer using httpwatch or fiddler for example. The provided irule works for me in my lab so I believe that you have another issue on your side
