Forum Discussion

Robert_Owen_753's avatar
Robert_Owen_753
Icon for Nimbostratus rankNimbostratus
Apr 29, 2013

Issue with DataGroup in iRule

BIG-IP 11.3.0 Build 3093.0 Hotfix HF4

 

We are trying to direct traffic for a specific path if you are a member of the datagroup. Here is the iRule :

 

 

when HTTP_REQUEST {

 

if { ([HTTP::path] starts_with "/SalesEntrySystem") and ! ([class match [IP::remote_addr] equals $::SES]) } {

 

pool Pool_SES_LINK

 

}

 

}

 

However, it is not working and we are seeing this error in the LTM logs:

 

TCL error: /Common/SES - can't read "::SES": no such variable while executing "class match [IP::remote_addr] equals $::SES"

 

Any suggestions?

 

 

Thanks!

 

 

 

4 Replies

  • You don't need the "$::" syntax with the class commands. Assuming your data group is called "SES", then it's just:

     

     

    if { ([HTTP::path] starts_with "/SalesEntrySystem") and ! ([class match [IP::remote_addr] equals SES]) } {
  • Thanks Kevin. We tried removing the "$::" . We don't get the error any longer however, it doesn't redirect.

     

     

    We've got the data group setup with a few test IPs. Mine and my coworker's but neither redirect to the pool. Would we need an "ELSE" statement?

     

     

    By redirect, I mean use the pool we set.

     

  • I'd make a few minor modifications and retest:

    
    when HTTP_REQUEST {
         log local0. "URI = [string lower [HTTP::uri]]"
         log local0. "Client IP = [IP::client_addr]"
         if { ( [string tolower [HTTP::uri]] starts_with "/salesentrysystem") and not ( [class match [IP::client_addr] equals SES] ) } {
              pool Pool_SES_LINK
         }
    }
    

    Check the logs and make sure the request URI and client IP both match your conditions. On a side note, can I assume you want to allow this pool redirect ONLY if the user requests /salesentrysystem* AND the client IP is IN the data group? If so then I would remove the not operator.