Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

Help with iRule - Access Control Based on IP

Jose_Cruz
Altostratus
Altostratus

‎17-Mar-2023 10:02

I am trying to use Access Control Based on IP irule to restrict access to a virtual server.

 

However when i apply the iRule the connection gets rejected and i see this in the logs (this is all in my lab):

 

TCL error: /jeclab/allowed_clients_2 <CLIENT_ACCEPTED> - can't read "::trustedAddresses": no such variable while executing "matchclass [IP::client_addr] equals $::trustedAddresses"

 

iRule, datagroup and virtual config attached.

Labels:
Preview file
72 KB
2 REPLIES 2

Paulius
MVP
MVP

‎17-Mar-2023 12:42

@Jose_Cruz The reason for this error is because your variable is entered in incorrectly and should be $trustedAddresses but you have $::trustedAddresses with the two : between the $ and the data-group name.

0 Kudos

JRahm
Community Manager
Community Manager

‎20-Mar-2023 21:33

Hi @Jose_Cruz,

matchclass was deprecated in v10, and that iRule should look like instead:

when CLIENT_ACCEPTED priority 500 {
    if { [class match -- [IP::client_addr] equals trustedAddresses] } {
        #Uncomment the line below to turn on logging.
        log local0. "Valid client IP: [IP::client_addr] - forwarding traffic"
        forward
    } else {
        #Uncomment the line below to turn on logging.
        log local0. "Invalid client IP: [IP::client_addr] - discarding"
        discard
    }
}

Your data-group has the same value as the key, is this intended? Not sure what use that is, if you are not using values, you do not need to set them.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
https://twitter.com/jasonrahm
https://www.youtube.com/devcentral
0 Kudos
Copyright © 2023 Khoros, LLC