
MSM Bypass

Problem this snippet solves:

This iRule allows you to bypass MSM (Mail Security Module) for known-good senders by disabling all subsequent iRules (including the MSM iRule) for addresses in a specified class of allowlisted IP addresses.

How to use this snippet:

The Class

First create a data group list (class) of type Address that contains the IP addresses and/or subnets from which mail will always be accepted:

class allow_list {
  host 10.10.10.1
  net 192.168.0.0 255.255.0.0
}

Then apply the following iRule to the same virtual server to which MSM is associated:

Code :

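# Priority 1 makes this iRule run before the MSM iRule on the same virtual server.
priority 1
when CLIENT_ACCEPTED {
  if { [matchclass [IP::client_addr] equals $::allow_list] } {
    # Known-good sender: select the pool, then disable all later events so the MSM iRule never runs.
    log local0. "client: [IP::client_addr] found in allow_list directed to http_test_pool"
    pool http_test_pool
    event disable all
  } elseif { [matchclass [IP::client_addr] equals $::deny_list] } {
    # deny_list must also exist as an Address data group; it is only checked when allow_list did not match.
    log local0. "client: [IP::client_addr] found in deny_list directed to http_test_pool_2"
    pool http_test_pool_2
    # or discard
    event disable all
  }
}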
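An added example, not part of the original snippet or F5's code: a Python audit of the two data groups the iRule consults, mirroring its if/elseif order to show which clients skip MSM and which deny_list entries are shadowed by allow_list. The deny_list contents are constructed sample values, and the parser assumes the IPv4 `host` / `net <address> <mask>` syntax shown above.

```python
import ipaddress
import re

# Constructed sample: allow_list is the page's example, deny_list is made up for the audit.
SAMPLE_CONFIG = """
class allow_list { host 10.10.10.1 net 192.168.0.0 255.255.0.0 }
class deny_list { host 192.168.5.20 net 203.0.113.0 255.255.255.0 }
"""

def parse_classes(text):
    """Return {class_name: [ip_network, ...]} from 'class NAME { ... }' blocks."""
    classes = {}
    for name, body in re.findall(r"class\s+(\S+)\s*\{([^}]*)\}", text):
        tokens, nets, i = body.split(), [], 0
        while i < len(tokens):
            if tokens[i] == "host":
                nets.append(ipaddress.ip_network(tokens[i + 1]))
                i += 2
            elif tokens[i] == "net":
                nets.append(ipaddress.ip_network(f"{tokens[i + 1]}/{tokens[i + 2]}"))
                i += 3
            else:
                raise ValueError(f"unexpected token {tokens[i]!r} in class {name}")
        classes[name] = nets
    return classes

def decide(client_ip, classes):
    """Mirror the iRule's branch order: allow_list is tested before deny_list."""
    addr = ipaddress.ip_address(client_ip)
    if any(addr in n for n in classes.get("allow_list", [])):
        return "bypass"  # allow branch: events disabled, MSM iRule never runs
    if any(addr in n for n in classes.get("deny_list", [])):
        return "deny"    # deny branch: diverted (or discarded), events disabled
    return "msm"         # no match: the MSM iRule processes the connection

def shadowed_deny_entries(classes):
    """Deny entries overlapping an allow entry; the allow branch wins for the overlap."""
    return [(d, a) for d in classes.get("deny_list", [])
            for a in classes.get("allow_list", []) if d.overlaps(a)]

def bypass_size(classes):
    """Count distinct addresses that skip MSM, after merging overlapping entries."""
    allow = classes.get("allow_list", [])
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(allow))

if __name__ == "__main__":
    classes = parse_classes(SAMPLE_CONFIG)
    print("addresses bypassing MSM:", bypass_size(classes))
    print("deny entries shadowed by allow_list:", shadowed_deny_entries(classes))
```

Running the audit before each allow_list change shows how many source addresses will bypass mail filtering and whether a blocked sender sits inside an allowlisted subnet.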
Published Mar 18, 2015
Version 1.0