Forum Discussion
ahmed_ismail_21
Nimbostratus
Nimbostratuswhy F5 give me this error
looking for close parenthesis}][{($allowed == 0) and ([HTTP::uri] end_with "/register")}]
when CLIENT_ACCEPTED { set allowed 0 if { [ class match -- [whereis [IP::client_addr] country] equals "EG"] or [[ whereis [IP::client_addr] country ] not equals "EG" ] } { set allowed 1 } } when HTTP_REQUEST { if {($allowed == 0) and ([HTTP::uri] end_with "/register")} { HTTP::respond 403 content "Blocked!"} }
guys kindly advise
27 Replies
Yann_DesmarestCirrus
Hi,
You are using end_with but the correct syntax is ends_with :
when CLIENT_ACCEPTED { set allowed 0 if { [class match -- [whereis [IP::client_addr] country] equals "EG"] or [[whereis [IP::client_addr] country ] not equals "EG"] } { set allowed 1 } } when HTTP_REQUEST { if { ($allowed == 0) and ([HTTP::uri] ends_with "/register") } { HTTP::respond 403 content "Blocked!" } }
ahmed_ismail_21Thank you Yann- ahmed_ismail_21Hi Yann, when I applied this iRule to virtual server, the below error message appear to me. Unable to find value_list (EG) referenced at line 3: [class match -- [whereis [IP::client_addr] country] eq "EG"]
Vijay_ESee this: https://devcentral.f5.com/wiki/iRules.whereis.ashx There is a link to the country code: https://www.iso.org/obp/ui/search/code/
Yann_Desmarest_Nacreous
Hi,
Just see that the class match cause your error. Try this instead :
when CLIENT_ACCEPTED { set allowed 0 if { [whereis [IP::client_addr] country] equals "EG" } { set allowed 1 } } when HTTP_REQUEST { if { ($allowed == 0) and ([HTTP::uri] ends_with "/register") } { HTTP::respond 403 content "Blocked!" } }- ahmed_ismail_21Hi Yann, your help is appreciated, the below iRule didn't work, means when I opening this URL "test.com/register" which end with /register from Egypt, the website didn't redirect me to test.com/register, plus home page of website didn't open as well. when CLIENT_ACCEPTED { set allowed 0 if { ([whereis [IP::client_addr] country] equals "EG") or (![whereis [IP::client_addr] country ] equals "EG") } { set allowed 1 } } when HTTP_REQUEST { if { ($allowed == 0) and ([HTTP::uri] ends_with "/register") } { HTTP::redirect "http://www.test.com/register"} elseif { ($allowed == 1) and ([HTTP::path] ends_with "/register") } { HTTP::redirect "http://www.test/login"} else {pool test} }
- Yann_Desmarest
Hi,
Just see that the class match cause your error. Try this instead :
when CLIENT_ACCEPTED { set allowed 0 if { [whereis [IP::client_addr] country] equals "EG" } { set allowed 1 } } when HTTP_REQUEST { if { ($allowed == 0) and ([HTTP::uri] ends_with "/register") } { HTTP::respond 403 content "Blocked!" } }- ahmed_ismail_21Hi Yann, your help is appreciated, the below iRule didn't work, means when I opening this URL "test.com/register" which end with /register from Egypt, the website didn't redirect me to test.com/register, plus home page of website didn't open as well. when CLIENT_ACCEPTED { set allowed 0 if { ([whereis [IP::client_addr] country] equals "EG") or (![whereis [IP::client_addr] country ] equals "EG") } { set allowed 1 } } when HTTP_REQUEST { if { ($allowed == 0) and ([HTTP::uri] ends_with "/register") } { HTTP::redirect "http://www.test.com/register"} elseif { ($allowed == 1) and ([HTTP::path] ends_with "/register") } { HTTP::redirect "http://www.test/login"} else {pool test} }
- Yann_Desmarest
Hi,
are the exact opposite.([whereis [IP::client_addr] country] equals "EG") or (![whereis [IP::client_addr] country ] equals "EG")You have to remove one of the condition. Because of possible subsequent requests, I suggest to change a little bit your irule. For example :
when HTTP_REQUEST { set allowed 0 if { !([whereis [IP::client_addr] country ] equals "EG") } { set allowed 1 } if { ($allowed == 0) and ([HTTP::path] ends_with "/register") } { HTTP::redirect "http://www.test.com/register" } elseif { ($allowed == 1) and ([HTTP::path] ends_with "/register") } { HTTP::redirect "http://www.test/login" } else { pool test } }- ahmed_ismail_21Hi Yann, First Thank you, but unfortunately didn't work at all even the main website didn't work, means when I tried to open the main website test.com, which match on pool test didn't open, wrap up, the redirect and main page of website didn't work.
- Yann_Desmarest_
Hi,
are the exact opposite.([whereis [IP::client_addr] country] equals "EG") or (![whereis [IP::client_addr] country ] equals "EG")You have to remove one of the condition. Because of possible subsequent requests, I suggest to change a little bit your irule. For example :
when HTTP_REQUEST { set allowed 0 if { !([whereis [IP::client_addr] country ] equals "EG") } { set allowed 1 } if { ($allowed == 0) and ([HTTP::path] ends_with "/register") } { HTTP::redirect "http://www.test.com/register" } elseif { ($allowed == 1) and ([HTTP::path] ends_with "/register") } { HTTP::redirect "http://www.test/login" } else { pool test } }- ahmed_ismail_21Hi Yann, First Thank you, but unfortunately didn't work at all even the main website didn't work, means when I tried to open the main website test.com, which match on pool test didn't open, wrap up, the redirect and main page of website didn't work.
