CirrostratusWeird iRules issue
Hi
We have one virtual server that has two different irules that somehow conflict each other and denying traffic that should not be denied.
The first iRule is permitting traffic to one URI to only IP addresses exist in one datagroup.
The second iRule is permitting traffic to another and different URI to only IP addresses exist in another and different datagroup.
First iRule:
when CLIENT_ACCEPTED {
set allowed 0
if { [class match -- [IP::client_addr] equals Allow_To_uri1]
} {
set allowed 1
}
}
when HTTP_REQUEST {
if { [string tolower [HTTP::uri] ] equals "/uri1" } {
if { ! $allowed } {
reject
#log local0. "Blocked client IP: [IP::client_addr] to uri1]"
}
}
}
The Second iRule:
when CLIENT_ACCEPTED {
set allowed 0
if { [class match -- [IP::client_addr] equals Allow_to_uri2]
} {
set allowed 1
}
}
when HTTP_REQUEST {
if { [string tolower [HTTP::uri] ] equals "/uri2" } {
if { ! $allowed } {
reject
#log local0. "Blocked client IP: [IP::client_addr] to uri2]"
}
}
}
The weird issue is that I need to add the permitted IP to both datagroups for both URIs two work ! ... both datagroups should have the same IP addresses ?
why ? ......
Those are two different irules .. two diffrenet URIs .. two different datagroup .. why they've impact on each other ?
Wer'e Running LTM v13.1.1.5
Please advise
Hello,
can you please share the content of your datagroups ?
Also one thing I would try is change the $allowed variable to $allowed_for_uri1 in irule 1 and $allowed_for_uri2 for irule 2 for example (it seems they shouldn't be shared, but considering the strange behaviour you have).
