Forum Discussion
Tony2020
Nimbostratus
Mar 22, 2017XFF and efficiently group code/iRule
Hi iRule gurus - Was wondering if anyone can help me take and consolidate/put together the three code section efficiently. It seems there are too many "if" section just to do the same function. ...
Tony2020
Nimbostratus
Mar 23, 2017Hi Guys,
The "elseif" was missing a bracket. I also added the "reject" statement where if you are trying to go to the URI in the data group or URI "*/URI1/URI2/PORTAL/ADMIN" on this site, your IP must match the ones from the XFF defined in the data group. If not, it should reject. Is this correct to use the "reject" or will this deny all traffic to the site? Which is what we do not want to do. Only deny if your XFF IP does match the ones in the data group when you go the URIs on this site.
Thank you.
when HTTP_REQUEST {
if { [active_members MYPOOL-PORT-443] > 1 } {
HTTP::redirect "http://maintenance-page.company.com"
} else {
set CHECK_IP [getfield [HTTP::header values X-Forwarded-For] " " 1]
if { ([class match $CHECK_IP eq "DG-XFF-ALLOWED-IP-LIST"]) } {
if { [class match [HTTP::uri] eq "DG_RESTRICTED_URI"] } {
pool MYPOOL-PORT-443
} elseif { [class match [HTTP::uri] eq "*/URI1/URI2/PORTAL/ADMIN"] } {
HTTP::redirect "https://[HTTP::host]/SECRET/URI1/URI2/ADMIN/"
reject
}
}
}
}
Vijay_E
Cirrus
Mar 23, 2017`if { [active_members MYPOOL-PORT-443] < 1 } {`
Should be less than 1 and not greater than 1
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects