cancel
Showing results for 
Search instead for 
Did you mean: 

Irule Help

ssam_138429
Nimbostratus
Nimbostratus

Dears,

 

Need some help on the F5 configuration. The requirements are: 1.Do not apply URI redirect if the request is coming from a particular subnet. 2.Apply URI redirect otherwise.

 

Tried the below Irules its not working. Please help urgent.

 

when HTTP_REQUEST { if { ([HTTP::uri] equals "/") and ([IP::client_addr] != "10.1.2.0/24") } { HTTP::redirect "/cams" } }

 

when HTTP_REQUEST { if { [IP::addr [IP::client_addr] eq 10.1.2.0/24] } { return do nothing } elseif { [HTTP::uri] equals "/" } { HTTP::redirect "/cams" }

 

}

when HTTP_REQUEST { if { { [IP::client_addr] = "10.1.2.0/24" } } { return do nothing } else { HTTP::redirect "http://[HTTP::host]/cams" } }

 

Thanks & Regards, Sam

 

16 REPLIES 16

Lee_Sutcliffe
Nacreous
Nacreous

Morning, please try this iRule, it will redirect if the client IP address is not within the 10.1.2.0/24 range.

 

when HTTP_REQUEST { if {!([IP::addr[IP::client_addr] equals 10.1.2.0/24])} { HTTP::redirect "http://[HTTP::host]/cams" } }

Please see the following link for IP::addr syntax https://devcentral.f5.com/wiki/iRules.IP__addr.ashx

 

nitass_89166
Noctilucent
Noctilucent

i think you had better also check uri.

 

e.g.

 

when HTTP_REQUEST { if { ![IP::addr [IP::client_addr] equals 10.1.2.0/24] and [HTTP::uri] eq "/" } { HTTP::redirect "http://[HTTP::host]/cams" } }

No luck. I have tried enabling logging and found the irule is not detecting the ip address.

 

when HTTP_REQUEST {log local0. "before ip" if { ![IP::addr [IP::client_addr] equals 10.1.2.0/24] and [HTTP::uri] eq "/" } { log local0. "after ip" HTTP::redirect "http://[HTTP::host]/cams" } }

 

I am getting only the "before ip" in the logs. Seems like the if condition is not matching.

 

Any luck or suggestions ?

 

have you added logging Lee (MrPlastic) suggested? can you post the log?

 

yes I have tried that but no luck

 

I tested this in my lab now, and it works fine. My BIG-IP is running version 12.1.2 (Build 1.0.271).

 

Can you start a tcpdump and verify that the source IP (client side) actually is what you expect it to be?

 

Regards, Morten

 

nitass
F5 Employee
F5 Employee

i think you had better also check uri.

 

e.g.

 

when HTTP_REQUEST { if { ![IP::addr [IP::client_addr] equals 10.1.2.0/24] and [HTTP::uri] eq "/" } { HTTP::redirect "http://[HTTP::host]/cams" } }

No luck. I have tried enabling logging and found the irule is not detecting the ip address.

 

when HTTP_REQUEST {log local0. "before ip" if { ![IP::addr [IP::client_addr] equals 10.1.2.0/24] and [HTTP::uri] eq "/" } { log local0. "after ip" HTTP::redirect "http://[HTTP::host]/cams" } }

 

I am getting only the "before ip" in the logs. Seems like the if condition is not matching.

 

Any luck or suggestions ?

 

have you added logging Lee (MrPlastic) suggested? can you post the log?

 

yes I have tried that but no luck

 

I tested this in my lab now, and it works fine. My BIG-IP is running version 12.1.2 (Build 1.0.271).

 

Can you start a tcpdump and verify that the source IP (client side) actually is what you expect it to be?

 

Regards, Morten

 

Stanislas_Piro2
Cumulonimbus
Cumulonimbus

iRule provided by Nitass may work. I guess there is a nat device between the client and the F5.

 

can you try this code to check client IP address (try to access to /myipaddress URL)

 

when HTTP_REQUEST { if { ([HTTP::uri] equals "/myipaddress") } { HTTP::respond 200 content " My IP Address Your client IP : [IP::client_addr] " noserver } }