
Need help in adding Datagroup to existing Irule

Sarovani
Cirrostratus

Hi Team,

I have the below iRule, which currently works for a specific single source IP, 10.10.10.1. I would like to add more IPs using a data group. Could you please help me modify this iRule?

I tried, but I got the error "variable reference required proceeding $".

Note: We have a route domain configured, and the VIP is configured in route domain %70.

Thanks in advance 🙂

when HTTP_REQUEST {
    # Drop /cklauncher/ requests coming from the single listed client in route domain 70
    if { ([IP::client_addr] contains "10.10.10.1%70") && ([string tolower [HTTP::uri]] contains "/cklauncher/") } {
        drop
    } elseif { [string tolower [HTTP::path]] equals "/" && ( [IP::addr [IP::client_addr] equals 10.10.10.1%70]) } {
        # redirect the request
        log local0. "issuing redirect request to [HTTP::host][HTTP::uri] from [IP::client_addr]"
        HTTP::redirect https://[getfield [HTTP::host] ":" 1]/ckpartner/
    }
}

 

1 ACCEPTED SOLUTION

cjunior
Nacreous

Hi,

Any chance that the same client IP address appears on different route domains on this iRule? Because I think the IP data group won't consider route domains on validation, but I'm not 100% sure. This way, I think working on data group type ip route domain number would be noise optional.

 

ltm data-group internal dg_my_ip_list {
    records {
        10.10.10.1%70/32 { }
    }
    type ip
}

when HTTP_REQUEST {
    if { [class match [IP::client_addr] equals dg_my_ip_list] } {
        if { [string tolower [HTTP::path]] equals "/cklauncher/" } {
            drop
        } elseif { [HTTP::path] equals "/" } {
            # redirect the request
            log local0. "issuing redirect request to [HTTP::host][HTTP::uri] from [IP::client_addr]"
            HTTP::redirect https://[getfield [HTTP::host] ":" 1]/ckpartner/
        }
    }
}

 

I hope it helps.

 

Best regards.

 

 


4 REPLIES 4


Hi Cjunior,

I need help here.

With the data group I want to block access to both the URIs /cklauncher/ and /ckpartener/, and anything else should be accessible.

cjunior
Nacreous

Hello,

Changing this part, will that work for you?

if { [string tolower [HTTP::path]] equals "/cklauncher/" or [string tolower [HTTP::path]] equals "/ckpartener/" } { drop

Regards

I will try this, thank you.

 

 

ltm data-group internal dg_my_ip_list {
    records {
        10.10.10.1%70/32 { }
    }
    type ip
}

when HTTP_REQUEST {
    if { [class match [IP::client_addr] equals dg_my_ip_list] } {
        if { [string tolower [HTTP::path]] equals "/cklauncher/" or [string tolower [HTTP::path]] equals "/ckpartener/" } {
            drop
        }
    }
}
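
Added example, not part of the thread and not iRule code: the question's `contains "10.10.10.1%70"` test is a substring comparison, while a data-group lookup compares addresses, and this Python model shows where the two disagree on constructed client strings. The helper names, the sample values, and the rule that a missing `%ID` means route domain 0 are assumptions of this sketch; it does not settle how BIG-IP itself treats route domains in `class match`.

```python
import ipaddress

def split_rd(text, default_rd=0):
    """Split 'addr%rd' or 'addr%rd/prefix' into (addr[/prefix], rd)."""
    addr, _, rest = text.partition("%")
    if not rest:
        return addr, default_rd  # assumption: no %ID means route domain 0
    rd, slash, prefix = rest.partition("/")
    return addr + slash + prefix, int(rd)

def group_match(client, records):
    """True if the client lies inside a record of the same route domain."""
    addr, rd = split_rd(client)
    ip = ipaddress.ip_address(addr)
    for record in records:
        net_text, net_rd = split_rd(record)
        net = ipaddress.ip_network(net_text, strict=False)
        if rd == net_rd and ip.version == net.version and ip in net:
            return True
    return False

def substring_match(client, needle="10.10.10.1%70"):
    """The question's string test: true for any text containing the needle."""
    return needle in client

# Constructed sample data: records in the thread's format, plus one subnet.
DG_RECORDS = ["10.10.10.1%70/32", "10.10.20.0%70/24"]
CLIENTS = [
    "10.10.10.1%70",    # the intended client
    "110.10.10.1%70",   # different host, same trailing text
    "10.10.10.1%700",   # same host, different route domain
    "10.10.20.55%70",   # covered only by the subnet record
    "10.10.10.1%71",    # same host, neighbouring route domain
    "10.10.10.1",       # no route domain suffix
]

def compare(clients=CLIENTS, records=DG_RECORDS):
    """Map each client to (substring result, parsed data-group result)."""
    return {c: (substring_match(c), group_match(c, records)) for c in clients}

if __name__ == "__main__":
    for client, (sub, grp) in compare().items():
        print(f"{client:18} substring={sub!s:5} group={grp}")
```

The rows where the two columns differ are the clients a string `contains` check would drop or redirect unintentionally, and the clients a single-address string can never cover.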