IRule to Allow Counries F5 13.0 Software
Published Sep 28, 2017
Version 1.0Was this article helpful?
your code is not optimized....
each time you use
[whereis [IP::client_addr] country]
, there are 2 commands evaluated:
it's better to insert it in a variable to prevent to evaluate the same commands multiple times
when CLIENT_ACCEPTED {
set client_country [whereis [IP::client_addr] country]
if { ($client_country ne "US") && ($client_country ne "GB") && ($client_country ne "IE") && ($client_country ne "DE") } {
drop
}
}
This section is to share generic code, so if someone what to filter 10 countries, use switch, list or datagroup
with switch :
when CLIENT_ACCEPTED {
switch [whereis [IP::client_addr] country] {
"US" -
"GB" -
"IE" -
"DE" {
do nothing
}
default {
drop
}
}
}
with list :
when CLIENT_ACCEPTED {
set allowed_countries {"US" "GB" "IE" "DE"}
if { [lsearch -exact $allowed_countries [whereis [IP::client_addr] country]] == -1 } {
drop
}
}
with datagroup :
create a data group
allowed_countries
with values
and use this code
when CLIENT_ACCEPTED {
if { ![class match [whereis [IP::client_addr] country]] equals allowed_countries] } {
drop
}
}