simonbaumann_12
Feb 15, 2013

iRule to redirect URI based on source ip.

Hello,

I am looking for a rule to fulfill the following requirement: redirect the URL https://host.test/content/ to a new URL https://newhost.test for all IP source addresses. There is another page running: https://host.test/content/Admin.aspx

This page should only be available for specific source IP addresses. I was able to restrict the access to the Admin page with the following rule:

    when CLIENT_ACCEPTED {
        if { [IP::addr [IP::client_addr] equals xxx.xxx.xxx.0/24] } {
            pool POOL_ADDRESS
        }
    }

I am using this rule for the URL redirect:

 

    when HTTP_REQUEST {
        if { ! ([HTTP::uri] contains "/content/") } {
            HTTP::redirect "https://newhost.test"
        }
    }

The problem is that the rule matching the IP addresses hits first, which prevents the URL redirect rule from working. How could I combine these rules? Thanks for your help.

Regards

Simon

5 Replies

  • can we combine them like this?

    [root@ve10:Active] config  b virtual bar list
    virtual bar {
       snat automap
       destination 172.28.19.252:443
       ip protocol 6
       rules myrule
       profiles {
          clientssl {
             clientside
          }
          http {}
          tcp {}
       }
    }
    [root@ve10:Active] config  b rule myrule list
    rule myrule {
       when HTTP_REQUEST {
       if { !([HTTP::uri] starts_with "/content/") } {
          HTTP::redirect "https://newhost.test"
          return
       }
       if { [IP::addr [IP::client_addr] equals 172.28.65.0/24] } {
          pool POOL_ADDRESS
       }
    }
    }
    [root@ve10:Active] config  b pool POOL_ADDRESS list
    pool POOL_ADDRESS {
       members 200.200.200.101:80 {}
    }
    
     redirect
    
    [root@centos ~] curl -Ik https://host.test/something
    HTTP/1.0 302 Found
    Location: https://newhost.test
    Server: BigIP
    Connection: Keep-Alive
    Content-Length: 0
    
     /content/Admin.aspx
    
    [root@ve10:Active] config  ssldump -Aed -nni 0.0 port 443 or port 80 -k /config/ssl/ssl.key/default.key
    New TCP connection 1: 172.28.65.147(58214) <-> 172.28.19.252(443)
    1 1  1360935396.3755 (0.0180)  C>S SSLv2 compatible client hello
    1 2  1360935396.3755 (0.0000)  S>CV3.1(81)  Handshake
    1 3  1360935396.3755 (0.0000)  S>CV3.1(953)  Handshake
    1 4  1360935396.3755 (0.0000)  S>CV3.1(4)  Handshake
    1 5  1360935396.3775 (0.0020)  C>SV3.1(262)  Handshake
    1 6  1360935396.3775 (0.0000)  C>SV3.1(1)  ChangeCipherSpec
    1 7  1360935396.3775 (0.0000)  C>SV3.1(36)  Handshake
    1 8  1360935396.3960 (0.0185)  S>CV3.1(1)  ChangeCipherSpec
    1 9  1360935396.3960 (0.0000)  S>CV3.1(36)  Handshake
    1 10 1360935396.3975 (0.0014)  C>SV3.1(190)  application_data
        ---------------------------------------------------------------
        HEAD /content/Admin.aspx HTTP/1.1
        User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
        Host: host.test
        Accept: */*
    
        ---------------------------------------------------------------
    New TCP connection 2: 200.200.200.10(58214) <-> 200.200.200.101(80)
    1360935396.3986 (0.0010)  C>S
    ---------------------------------------------------------------
    HEAD /content/Admin.aspx HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Host: host.test
    Accept: */*
    
    ---------------------------------------------------------------
    
  • Thanks for your help. I applied the rules (modified for my addresses and IPs) and tested from the outside: both URLs get redirected to the new one. But if I connect from an internal host (using the address that matches client_addr), no redirect occurs - for both URLs.
  • can you add some logging into the irule?

    e.g.

    log local0. "[IP::client_addr]:[TCP::client_port] [IP::local_addr]:[TCP::local_port] [HTTP::uri]"
  • I think I got an error in reasoning, let's check it:

    https://old.host/content --> redirect to https://new.host, for all IP addresses

    https://old.host/content/adminlogin.aspx --> access only for a specified IP range

    I got the idea to create such a rule:

        when HTTP_REQUEST {
            if { not ([HTTP::uri] contains "admin") } {
                HTTP::redirect "https://new.host"
            }
        }

    But that would not prevent other hosts from connecting to the admin interface. Also, it would not work if the admin interface uses content of the /content directory since that will get redirected. How would you solve such a requirement? Thanks.
  • But that would not prevent other hosts from connecting to the admin interface. Also, it would not work if the admin interface uses content of the /content directory since that will get redirected. How would you solve such a requirement?

    would it be possible to create another subdomain for admin interface e.g. admin.host?
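
One way to combine the two checks discussed in this thread in a single HTTP_REQUEST event, as an added example that is not code from any of the posters. It assumes the pool name POOL_ADDRESS, the 172.28.65.0/24 range and the host names used above, and that the backend treats paths case-insensitively.

```tcl
when HTTP_REQUEST {
    # Decide on the path only (query string excluded), lower-cased.
    # A substring test on the full URI ("contains") also matches text in the
    # query string, so it is not a reliable basis for an access decision.
    # Assumption: the .aspx backend treats /content/Admin.aspx and
    # /content/admin.aspx as the same resource.
    set path [string tolower [HTTP::path]]

    switch -glob -- $path {
        "/content/admin.aspx" {
            # Admin page: serve it only to the permitted source network.
            # 172.28.65.0/24 is the range from the reply above; replace it
            # with your own administrative network.
            if { [IP::addr [IP::client_addr] equals 172.28.65.0/24] } {
                pool POOL_ADDRESS
            } else {
                # Log the denial in the format suggested earlier in the thread.
                log local0. "admin denied: [IP::client_addr]:[TCP::client_port] [IP::local_addr]:[TCP::local_port] [HTTP::uri]"
                HTTP::respond 403 content "Forbidden"
            }
        }
        default {
            # Everything that is not the exact admin path, including the rest
            # of /content/, is redirected for all source addresses. Any
            # resources the admin page itself loads from /content/ would need
            # their own patterns above, guarded by the same source check.
            HTTP::redirect "https://newhost.test"
        }
    }
}
```

[IP::client_addr] is the address of the TCP peer as seen by the BIG-IP, so if clients reach the virtual server through an upstream proxy or NAT device the check applies to that device's address.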