Forum Discussion
Hello Rafish,
Please try the below irule
when HTTP_REQUEST {
    set low_host [string tolower [HTTP::host]]
    if { (( $low_host starts_with "test1.technion.ac.il" ) ||
          ( $low_host starts_with "test2.technion.ac.il" ) ||
          ( $low_host starts_with "test3.technion.ac.il" ) ||
          ( $low_host starts_with "test4.technion.ac.il" )) &&
         ( [IP::addr [IP::client_addr] equals 10.10.10.10] ) } {
        HTTP::respond 404 content "Blocked by irule"
        log local0. "$low_host traffic has come from blocked subnet"
    }
}
I also got the same error, and then I added a space between IP::addr and [IP::client_addr]. After that, the iRule was working fine. You can also give it a try by adding a space between IP::addr and [IP::client_addr].
- Rafish_129330 | Apr 24, 2018 | Nimbostratus
Hello,
Thank you very much.
The space solved the problem :)
Now how can I add more IPs to IP::addr and [IP::client_addr]?
Regards
- Nandhini_Natara | Apr 24, 2018 | Nimbostratus
Hello,
You can use [IP::addr [IP::remote_addr] equals ipaddress with mask] in this format.
Eg:
[IP::addr [IP::remote_addr] equals 10.10.10.0/24]
- Rafish_129330 | Apr 24, 2018 | Nimbostratus
Hello,
What if I need to allow just another host /32?
Regards
- Nandhini_Natara | Apr 25, 2018 | Nimbostratus
Hello,
You can create a data group for the exception IPs and then use that data group in the iRule like below:

ltm data-group internal test_allow_IP {
    records {
        10.10.10.10/32 { }
        10.10.10.11/32 { }
    }
    type ip
}

when HTTP_REQUEST {
    set low_host [string tolower [HTTP::host]]
    if { (( $low_host starts_with "test1.technion.ac.il" ) ||
          ( $low_host starts_with "test2.technion.ac.il" ) ||
          ( $low_host starts_with "test3.technion.ac.il" ) ||
          ( $low_host starts_with "test4.technion.ac.il" )) &&
         ( [class match [IP::client_addr] equals test_allow_IP] ) } {
        HTTP::respond 404 content "Blocked by irule"
        log local0. "$low_host traffic has come from blocked subnet"
    }
}
- Rafish_129330 | Apr 26, 2018 | Nimbostratus
Hi,
Please see the error I get:
01070151:3: Rule [/Common/Hacked_web3_Https_site_with_support_access] error: /Common/My _irule_name_access:1: error: [undefined procedure: ltm][ltm data-group internal test_allow_IP { records { 10.10.10.10/32 { } 10.10.10.11/32 { } } type ip }]
I don't have an LTM license.
Regards
- jaikumar_f5 | Apr 27, 2018 | MVP
Rafish,
You are required to create the data group first separately and then put the iRule part separately. You have put both the data group and iRule code inside the iRule creation part itself, hence the error.
Please follow this,
Local Traffic ›› iRules : iRule List ›› RafishIrule
Paste the below code alone,
when HTTP_REQUEST {
    set low_host [string tolower [HTTP::host]]
    if { (( $low_host starts_with "test1.technion.ac.il" ) ||
          ( $low_host starts_with "test2.technion.ac.il" ) ||
          ( $low_host starts_with "test3.technion.ac.il" ) ||
          ( $low_host starts_with "test4.technion.ac.il" )) &&
         ( [class match [IP::client_addr] not equals test_allow_IP] ) } {
        HTTP::respond 404 content "Blocked by irule"
        log local0. "$low_host traffic has come from blocked subnet"
    }
}
Then go to Local Traffic ›› iRules : Data Group List ›› New Data Group...
Name: test_allow_IP Type: Address
Address: 10.10.10.10/32 Value:
Click on Add.
Click on finished. Please let us know if you face any issues.
- Rafish_129330 | Apr 29, 2018 | Nimbostratus
Hi,
Thank you for your reply.
I tried once with "class match" but it didn't work well.
I tried once again as you suggested, but 10.10.10.10 was blocked also.
Any suggestions?
Regards
- jaikumar_f5 | Apr 29, 2018 | MVP
The not logic is incorrect. It should be,
( not [class match [IP::client_addr] equals test_allow_IP] )
Please use the below. You can achieve this in many ways, allowing in the if or in the else; there are so many possibilities.

when HTTP_REQUEST {
    set low_host [string tolower [HTTP::host]]
    if { (( $low_host starts_with "test1.technion.ac.il" ) ||
          ( $low_host starts_with "test2.technion.ac.il" ) ||
          ( $low_host starts_with "test3.technion.ac.il" ) ||
          ( $low_host starts_with "test4.technion.ac.il" )) &&
         ( not [class match [IP::client_addr] equals test_allow_IP] ) } {
        HTTP::respond 404 content "Blocked by irule"
        log local0. "$low_host traffic has come from blocked subnet"
    }
}

or a simple one like this too, without the need for a data group, as you need to allow just one IP:

when HTTP_REQUEST {
    set low_host [string tolower [HTTP::host]]
    if { (( $low_host equals "test1.technion.ac.il" ) ||
          ( $low_host equals "test2.technion.ac.il" ) ||
          ( $low_host equals "test3.technion.ac.il" ) ||
          ( $low_host equals "test4.technion.ac.il" )) &&
         ( not [IP::addr [IP::client_addr] equals 10.10.10.10] ) } {
        HTTP::respond 404 content "Blocked by irule"
        log local0. "$low_host traffic has come from blocked subnet"
    }
}
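
Added example, not part of any post in this thread: the same allow-list check with the host names also moved into a data group and the decision written as early returns, so the allow/deny direction is explicit. It goes slightly beyond the thread in two ways that are assumptions here: the String data group name test_protected_hosts is hypothetical, and the port is stripped from the Host header before the exact match, because a Host header can carry a port (host:443) that an equals comparison on the bare name would not match.

```tcl
# Data groups this rule expects. Create them separately (Data Group List
# or tmsh), never inside the iRule body:
#   test_allow_IP         type Address  10.10.10.10/32, 10.10.10.11/32
#                         (name and records as used in the thread)
#   test_protected_hosts  type String   test1.technion.ac.il ... test4.technion.ac.il
#                         (hypothetical name, added for this example)
when HTTP_REQUEST {
    # Keep only the host name, lower-cased, without any ":port" suffix.
    set low_host [string tolower [getfield [HTTP::host] ":" 1]]

    # Requests for hosts outside the protected list are left alone.
    if { not [class match $low_host equals test_protected_hosts] } {
        return
    }

    # Protected host: clients in the address data group are allowed through.
    if { [class match [IP::client_addr] equals test_allow_IP] } {
        return
    }

    # Everything else is denied. Log first so the client address is on record.
    log local0. "$low_host: request from [IP::client_addr] is not in test_allow_IP, blocked"
    HTTP::respond 404 content "Blocked by irule"
}
```

Adding or removing an allowed client then means editing test_allow_IP only; the iRule itself does not change.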
- Rafish_129330 | Apr 29, 2018 | Nimbostratus
Hi,
Thank you very much it works now :)
Regards