cancel
Showing results for 
Search instead for 
Did you mean: 
Login & Join the DevCentral Connects Group to watch the Recorded LiveStream (May 12) on Basic iControl Security - show notes included.
Nicolas_Menant
F5 Employee
F5 Employee

Problem this snippet solves:

This iRule allows you to bypass MSM (Mail Security Module) for known-good senders by disabling all subsequent iRules (including the MSM iRule) for addresses in a specified class of allowlisted IP addresses.

The Class

First create a data group list (class) of type Address that contains the IP addresses and/or subnets from which mail will always be accepted: class allow_list { host 10.10.10.1 net 192.168.0.0 255.255.0.0 }

Then apply the following iRule to the same virtual server to which MSM is associated:

How to use this snippet:


Code :

priority 1
when CLIENT_ACCEPTED {  
  if { [matchclass [IP::client_addr] equals $::allow_list] } {  
  log local0. "client: [IP::client_addr] found in allow_list directed to http_test_pool"  
pool http_test_pool  
event disable all  
  }  
  elseif { [matchclass [IP::client_addr] equals $::deny_list] } {  
    log local0. " client: [IP::client_addr] found in deny_list directed to http_test_pool_2"  
pool http_test_pool_2   
           # or discard  
event disable all  
  }  
}
Version history
Last update:
‎18-Mar-2015 12:58
Updated by:
Contributors