Converting A10 aFlex rules to F5 iRules

Question

Hi,We are moving onto F5s and Im having an issue with an iruleThe A10 aflex rules are as follows&nbsp;A10when HTTP_REQUEST {&nbsp;set uri [string tolower [HTTP::uri]]&nbsp; &nbsp;if { ($uri starts_with "&lt;.url&gt;") and not ([CLASS::match [IP::client_addr] Test_IPs1 ip] or [CLASS::match [IP::client_addr] TestIPs2 ip] ) } {&nbsp; &nbsp; &nbsp; drop&nbsp;}}And I'm trying to implement this on the F5 with&nbsp;when HTTP_REQUEST {&nbsp;set uri [string tolower [HTTP::uri]]&nbsp; &nbsp;if { ($uri starts_with "&lt;url&gt;") &amp;&amp; ([class match ne [IP::remote_addr] Test_IPs1 ] | [class match ne [IP::remote_addr] Test_IPs2 ] ) } {&nbsp; &nbsp; &nbsp; drop&nbsp; &nbsp;}&nbsp;}&nbsp;When I apply this irule to the VIP i can no longer access the URL behind that VIP&nbsp;Only IPs that should be allowed through should be in Test_IPs1 or Test_IPs2&nbsp;Anyone know how the F5 rule should look?ThanksAdrian&nbsp;&nbsp;&nbsp;

jrahm · Answer

Hi adrianglendinning your class syntax is a little off. Try this:
when HTTP_REQUEST priority 500 {
    if { [string tolower [HTTP::uri]] starts_with "/my/url/here" &amp;&amp;
         ![class match -- [IP::client_addr] equals Test_IPs1] &amp;&amp; 
         ![class match -- [IP::client_addr] equals Test_IPs2] } {
            drop
         }
}
also you can combine those two classes into a single class to simplify the condition a little unless there's a good reason to keep them separate.

Forum Discussion

Converting A10 aFlex rules to F5 iRules

1 Reply

Recent Discussions

CITRIX remote desktop solution using F5 APM

BIG-IP rseries license

F5 iRule to route traffic based on AS2 headers doesnt work

Trouble with TCP::option set 28

LDAPS: intermittent login issues

Related Content

Alteon Config Converter

Convert .htaccess rewrite rules to iRule

convert irule from if...else to switch

Unbreaking the Internet and Converting Protocols

irule - converting if to switch