Forum Discussion

ssam_138429's avatar
ssam_138429
Icon for Nimbostratus rankNimbostratus
Jan 03, 2018

Irule Help

Dears,

 

Need some help on the F5 configuration. The requirements are: 1.Do not apply URI redirect if the request is coming from a particular subnet. 2.Apply URI redirect otherwise.

 

Tried the below Irules its not working. Please help urgent.

 

when HTTP_REQUEST { if { ([HTTP::uri] equals "/") and ([IP::client_addr] != "10.1.2.0/24") } { HTTP::redirect "/cams" } }

 

when HTTP_REQUEST { if { [IP::addr [IP::client_addr] eq 10.1.2.0/24] } { return do nothing } elseif { [HTTP::uri] equals "/" } { HTTP::redirect "/cams" }

 

}

when HTTP_REQUEST { if { { [IP::client_addr] = "10.1.2.0/24" } } { return do nothing } else { HTTP::redirect "http://[HTTP::host]/cams" } }

 

Thanks & Regards, Sam

 

iRules
LTM
security

16 Replies

Sort By
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jan 03, 2018

    i think you had better also check uri.

    e.g.

    when HTTP_REQUEST {
  if { ![IP::addr [IP::client_addr] equals 10.1.2.0/24] and [HTTP::uri] eq "/" } {
    HTTP::redirect "http://[HTTP::host]/cams"
  }
}
    • ssam_138429's avatar
      ssam_138429
      Icon for Nimbostratus rankNimbostratus
      Jan 04, 2018

      No luck. I have tried enabling logging and found the irule is not detecting the ip address.

       

      when HTTP_REQUEST {log local0. "before ip" if { ![IP::addr [IP::client_addr] equals 10.1.2.0/24] and [HTTP::uri] eq "/" } { log local0. "after ip" HTTP::redirect "http://[HTTP::host]/cams" } }

       

    • ssam_138429's avatar
      ssam_138429
      Icon for Nimbostratus rankNimbostratus
      Jan 04, 2018

      I am getting only the "before ip" in the logs. Seems like the if condition is not matching.

       

  • nitass_89166's avatar
    nitass_89166
    Icon for Noctilucent rankNoctilucent
    Jan 03, 2018

    i think you had better also check uri.

    e.g.

    when HTTP_REQUEST {
  if { ![IP::addr [IP::client_addr] equals 10.1.2.0/24] and [HTTP::uri] eq "/" } {
    HTTP::redirect "http://[HTTP::host]/cams"
  }
}
    • ssam_138429's avatar
      ssam_138429
      Icon for Nimbostratus rankNimbostratus
      Jan 04, 2018

      No luck. I have tried enabling logging and found the irule is not detecting the ip address.

       

      when HTTP_REQUEST {log local0. "before ip" if { ![IP::addr [IP::client_addr] equals 10.1.2.0/24] and [HTTP::uri] eq "/" } { log local0. "after ip" HTTP::redirect "http://[HTTP::host]/cams" } }

       

    • ssam_138429's avatar
      ssam_138429
      Icon for Nimbostratus rankNimbostratus
      Jan 04, 2018

      I am getting only the "before ip" in the logs. Seems like the if condition is not matching.

       

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Jan 11, 2018

    iRule provided by Nitass may work. I guess there is a nat device between the client and the F5.

     

    can you try this code to check client IP address (try to access to /myipaddress URL)

     

    when HTTP_REQUEST {
    if { ([HTTP::uri] equals "/myipaddress") } {
        HTTP::respond 200 content "
            
                My IP Address
            
                Your client IP : [IP::client_addr]
            
            
        " noserver
    }
}