17-Mar-2023 10:02
I am trying to use the Access Control Based on IP iRule to restrict access to a virtual server.
However, when I apply the iRule the connection gets rejected and I see this in the logs (this is all in my lab):
TCL error: /jeclab/allowed_clients_2 <CLIENT_ACCEPTED> - can't read "::trustedAddresses": no such variable while executing "matchclass [IP::client_addr] equals $::trustedAddresses"
iRule, datagroup and virtual config attached.
17-Mar-2023 12:42
@Jose_Cruz The reason for this error is that your variable is entered incorrectly; it should be $trustedAddresses, but you have $::trustedAddresses, with the two : between the $ and the data-group name.
20-Mar-2023 21:33
Hi @Jose_Cruz,
matchclass was deprecated in v10, and that iRule should look like this instead:
when CLIENT_ACCEPTED priority 500 {
    # Client address is in the trustedAddresses data group: let it through
    if { [class match -- [IP::client_addr] equals trustedAddresses] } {
        # Logging is on; comment out the line below to turn it off.
        log local0. "Valid client IP: [IP::client_addr] - forwarding traffic"
        forward
    } else {
        # Logging is on; comment out the line below to turn it off.
        log local0. "Invalid client IP: [IP::client_addr] - discarding"
        discard
    }
}
Your data-group has the same value as the key; is this intended? Not sure what use that is. If you are not using values, you do not need to set them.
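
A fail-closed variant of the allow-list iRule discussed in this thread, as an added example that is not code from any of the posters. It assumes an address-type data group named trustedAddresses with key-only records; the static variable names and the sample addresses in the comment are constructed for illustration.

```tcl
# Added example, not code from the thread.
# Assumed data group with key-only records (constructed sample values),
# shown in bigip.conf form:
#   ltm data-group internal trustedAddresses {
#       records { 10.0.0.0/8 { } 192.168.10.25/32 { } }
#       type ip
#   }
when RULE_INIT {
    # Data-group name (assumption); use the full /partition/name path
    # if the data group lives in a different partition than the iRule.
    set static::acl_dg "trustedAddresses"
    # 1 = log every decision, 0 = log only the missing-data-group error
    set static::acl_debug 1
}

when CLIENT_ACCEPTED priority 500 {
    # Fail closed: a missing data group drops the connection with a clear
    # log entry instead of raising a TCL error on the class lookup.
    if { ![class exists $static::acl_dg] } {
        log local0.err "ACL data group $static::acl_dg not found - discarding [IP::client_addr]"
        discard
        return
    }

    if { [class match -- [IP::client_addr] equals $static::acl_dg] } {
        if { $static::acl_debug } {
            log local0.info "Valid client IP: [IP::client_addr]"
        }
        # Allowed: take no action so the virtual server handles the
        # connection with its normal configuration (assumption: a standard
        # virtual server rather than a forwarding one).
    } else {
        if { $static::acl_debug } {
            log local0.info "Invalid client IP: [IP::client_addr] - discarding"
        }
        discard
    }
}
```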