simple redirect irule based off ip

CraigWoo
Nimbostratus

Hi All

I am very new to iRules as we just got our first BIG-IP this week, and I have a rookie question for you.

I'm trying to redirect a sub-section of a site, which I have got working with:

when HTTP_REQUEST {
if { [string tolower [HTTP::uri]] starts_with "/restricted1" } {
HTTP::redirect "https://demo.com/not-allowed"
}
}

I have a requirement that if the IP matches, say, 10.2.2.0/24, the connection should still be allowed.

when HTTP_REQUEST {
if {[IP::addr 10.2.2.0/24 equals [IP::client_addr]]}
{ HTTP::redirect [HTTP::uri] }
else
{ HTTP::redirect HTTP::redirect "https://demo.com/not-allowed" }
}

I can't seem to get it working without affecting the whole site, as I'm just after redirecting the /restricted part. Any pointers, or am I doing this the wrong way?

Peace

1 ACCEPTED SOLUTION

CA_Valli
MVP

Hello, how many networks do you need to match? 

For allowing multiple client networks you'll need a data group. 

See this example below - note that "getfield" returns a string so I'm changing the format to IP address using IP::addr.

when HTTP_REQUEST {
  if { [string tolower [HTTP::uri]] starts_with "/restricted1" } {
    if { [IP::addr [getfield [IP::client_addr] "%" 1] equals "10.2.2.0/24"] } {
      # this is a sample with a static client network
      return
    } elseif { [class match [getfield [IP::client_addr] "%" 1] equals datagroup_allowed_networks] } {
      # when you have multiple subnets to match, it is recommended to use a data group created as Address (IP) type
      return
    } else {
      HTTP::redirect "https://demo.com/not-allowed"
    }
  }
}

 

Thanks, CA_Valli

Just the one for now. I've removed the data group for now and it seems to be working; will do some more testing and let you know. Thanks heaps for this.

Happy to help. If this helped resolve the issue, please "accept solution" for my previous message so that this thread is closed and it's easier for other users with a similar problem to find it.

CraigWoo
Nimbostratus

Thanks, have updated now. This worked in the lab for our ECP portal:

when HTTP_REQUEST {
  if { [string tolower [HTTP::uri]] starts_with "/ecp" } {
    if { [class match [getfield [IP::client_addr] "%" 1] equals ecp-access] } {
      # client address is in the ecp-access data group: let the request through
      return
    } else {
      HTTP::redirect "https://wwww.testwebsite.com/not-allowed"
    }
  }
}
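
The decision logic of the final rule above, as an offline Python model for checking which paths and client addresses get redirected before the allowlist is loaded onto the BIG-IP. This is an added example, not code from the thread or from F5. Assumptions: the `ECP_ACCESS` list stands in for the `ecp-access` data group and is assumed to hold 10.2.2.0/24, the redirect target is the thread's demo.com URL, and every sample request is constructed.

```python
import ipaddress

# Constructed stand-in for the Address-type data group "ecp-access";
# the real records live on the BIG-IP.
ECP_ACCESS = ["10.2.2.0/24"]
PROTECTED_PREFIX = "/ecp"
DENY_URL = "https://demo.com/not-allowed"


def strip_route_domain(client_addr):
    """Model of [getfield [IP::client_addr] "%" 1]: drop a '%<id>' suffix."""
    return client_addr.split("%", 1)[0]


def in_data_group(client_addr, records):
    """Model of [class match <ip> equals <address data group>].

    ip_network() is strict, so a record with host bits set (10.2.2.1/24)
    raises ValueError instead of silently matching the wrong range.
    """
    ip = ipaddress.ip_address(strip_route_domain(client_addr))
    return any(ip in ipaddress.ip_network(rec) for rec in records)


def decide(uri, client_addr, records=ECP_ACCESS):
    """Return (action, location); 'pass' means the rule leaves the request alone."""
    if not uri.lower().startswith(PROTECTED_PREFIX):
        return ("pass", None)       # outside the protected prefix: site unaffected
    if in_data_group(client_addr, records):
        return ("pass", None)       # the iRule's bare `return`
    return ("redirect", DENY_URL)


# Constructed requests: (URI, client address; '%1' is a route-domain suffix)
SAMPLES = [
    ("/ecp/page", "10.2.2.15"),
    ("/ECP/Page?x=1", "10.2.2.200%1"),
    ("/ecp", "192.0.2.44"),
    ("/other/page", "192.0.2.44"),
    ("/ecp/", "10.2.3.1%1"),
]


def run_samples():
    return [decide(uri, addr)[0] for uri, addr in SAMPLES]


if __name__ == "__main__":
    for (uri, addr), action in zip(SAMPLES, run_samples()):
        print(f"{addr:15} {uri:16} -> {action}")
```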