Help with iRule - Access Control Based on IP

Jose_Cruz
Altostratus

I am trying to use the Access Control Based on IP iRule to restrict access to a virtual server.

However, when I apply the iRule the connection gets rejected and I see this in the logs (this is all in my lab):

TCL error: /jeclab/allowed_clients_2 <CLIENT_ACCEPTED> - can't read "::trustedAddresses": no such variable while executing "matchclass [IP::client_addr] equals $::trustedAddresses"

iRule, datagroup and virtual config attached.

2 REPLIES

Paulius
MVP

@Jose_Cruz The reason for this error is that your variable is entered incorrectly: it should be $trustedAddresses, but you have $::trustedAddresses with the two : between the $ and the data-group name.

JRahm
Community Manager

Hi @Jose_Cruz,

matchclass was deprecated in v10, and that iRule should look like this instead:

when CLIENT_ACCEPTED priority 500 {
    if { [class match -- [IP::client_addr] equals trustedAddresses] } {
        # Logging is on; comment out the line below to turn it off.
        log local0. "Valid client IP: [IP::client_addr] - forwarding traffic"
        forward
    } else {
        # Logging is on; comment out the line below to turn it off.
        log local0. "Invalid client IP: [IP::client_addr] - discarding"
        discard
    }
}

Your data-group has the same value as the key; is this intended? Not sure what use that is. If you are not using values, you do not need to set them.
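
An added example, not part of any reply in this thread: a Python check that finds the `matchclass ... $::data-group` form from the error above in iRule source and rewrites it to the `class match` form shown in the reply. The sample iRule and the names `lint_irule` and `migrate_line` are constructed for illustration; only the single-line, item-first form is rewritten, and anything else is flagged for manual review.

```python
import re

OPS = r"equals|starts_with|ends_with|contains"

# The form from the TCL error: matchclass <item> <operator> $::<data-group>.
# <item> is a bare word or one [bracketed command] with no nested brackets.
OLD_CALL = re.compile(
    r"matchclass\s+(?P<item>\[[^\[\]]*\]|\S+)\s+(?P<op>" + OPS + r")\s+\$::(?P<dg>\w+)"
)


def migrate_line(line):
    """Rewrite the old call on one line to: class match -- <item> <op> <dg>."""
    return OLD_CALL.sub(r"class match -- \g<item> \g<op> \g<dg>", line)


def lint_irule(source):
    """Return (findings, migrated_source); findings are (line_no, message)."""
    findings, out = [], []
    for n, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("#"):      # leave Tcl comment lines alone
            out.append(line)
            continue
        fixed = migrate_line(line)
        if fixed != line:
            findings.append((n, "rewritten to class match"))
        elif "matchclass" in line:
            findings.append((n, "matchclass form not handled; review by hand"))
        out.append(fixed)
    return findings, "\n".join(out)


# Constructed sample: only the matchclass expression comes from the log line.
SAMPLE = """when CLIENT_ACCEPTED {
    if { [matchclass [IP::client_addr] equals $::trustedAddresses] } {
        forward
    } else {
        discard
    }
}"""

if __name__ == "__main__":
    findings, migrated = lint_irule(SAMPLE)
    for line_no, message in findings:
        print(f"line {line_no}: {message}")
    print(migrated)
```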