Small iRule help

Question

Small iRule help&nbsp;
Hi guys,&nbsp;
I want to send a HTTP response based on the client source IP address, it is just for a test, but the iRule validation fails. I prefer to keep it simple, I know I can add the switch clause, but for now I dont want to overcomplicate it.&nbsp;
Here it is:&nbsp;
when HTTP_REQUEST {
    log local0. "Client ([IP::client_addr]) is requesting: [HTTP::uri]"
    if { ([IP::addr [IP::client_addr]/24 equals 64.122.88.0 ]) or ([IP::addr [IP::client_addr]/24 equals 180.10.134.140.0  ]) } 
    {
               log local0. "Default condition"
                HTTP::respond 200 content  "Forbidden Redirect From Remote ServerThis is the mock up for testing" 
            }
}&nbsp;
Something must be wrong, getting a syntax error.&nbsp;

raghavendrasy · Answer

Please use below iRule and assigned to virtual server.
when CLIENT_ACCEPTED {
if { [IP::addr [IP::client_addr] equals 10.1.1.1/32] or  [IP::addr [IP::client_addr] equals 10.1.1.2/32]} {
 if { [TCP::local_port] == 22 } { pool pool-1 }
  else { reject }
   }
  else { reject }
}&nbsp;
Port 22 is just an example.&nbsp;

tatmotiv · Answer

It would be helpful if you had used the formatting options in order to display the irule in readable form(not as a one-line string).&nbsp;
Also, the content of the syntax error would be helpful.&nbsp;

livius · Answer

This is the code I am using but not validating the client source IP addresses still:&nbsp;Code
`
when HTTP_REQUEST {
    log local0. "Client ([IP::client_addr]) is requesting: [HTTP::uri]"
    if { ([IP::addr [IP::client_addr]/24 equals 54.179.88.0 ]) or ([IP::addr[IP::client_addr]/24 equals 17.34.134.140.0  ]) or ([IP:addr[IP::client_addr]/24 equals 219.45.252.0  ])  }

{
           log local0. "Default condition"
            HTTP::respond 200 content  "Forbidden Redirect From Remote Server&lt;BODY&gt;This is the mock up for  testing" 
        }

}

lee_sutcliffe · Answer

180.10.134.140.0 is not a valid IP address. Correct this, and your iRule should work. 
For example:
when HTTP_REQUEST { 
    log local0. "Client ([IP::client_addr]) is requesting: [HTTP::uri]" 
    if { ([IP::addr [IP::client_addr]/24 equals 64.122.88.0 ]) or ([IP::addr [IP::client_addr]/24 equals 180.10.134.0 ]) } { 
        log local0. "Default condition" 
        HTTP::respond 200 content "This is the mock up for testing" 
    } 
}

youssef1 · Answer

Hi,
you can try this, it will be more easy to manage your client IP... As you can noticed you can add additional client IP in multivalue var or delete (it will allow you to don't touch condition, just add or delete client IP)....
when HTTP_REQUEST {

set uri [string tolower [HTTP::uri]]
set host [string tolower [HTTP::host]]

array set client_ip {
    clientip1 "64.122.88.0/8"
    clientip2 "180.10.134.140.0/12"
}

foreach ip [array names client_ip] {
    if { [IP::addr [IP::client_addr] equals $client_ip($ip)] } {
        log local0. "client ip: [IP::client_addr] - client grp matching: $client_ip($ip) - url: $host$uri"
        HTTP::respond 200 content "what's you want to display" 
    }
}

}

Forum Discussion

Small iRule help

5 Replies

Recent Discussions

Need advise to setup a policy on F5

Web acceleration

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Related Content

Small question related to proxy_set_header Host

Small URL Generator

Small URL Generator: Part 1

A small script to export all AWAF policies from a BIG-IP device.

Small URL Generator: Part 2