aboulleill_3013
Jan 23, 2018

limit access from source 192.168.1.1 to single URL and permit all others

Dears,

 

I'm trying to write an iRule that limits access from source 192.168.1.1 to a single URL : else permit all. When applying the below on the VS, it's not working anymore. Should it be when http_request or when_client_accepted?

 

when HTTP_REQUEST {
    if { !([HTTP::uri] equals "; and [IP::client_addr] equals "192.168.1.1/32" ) } {
        reject
    }
}

 

14 Replies

  • Dear Daniel,

     

    Find the logs below:

     

    Jan 24 16:05:24 F5-1 info tmm1[14061]: Rule /Middleware/rackspace : URI: /cvs/chn.website.cvs.Account_1.0?wsdl
    Jan 24 16:05:24 F5-1 info tmm1[14061]: Rule /Middleware/rackspace : IP: 192.168.100.201%10

    Jan 24 16:07:09 F5-1 info tmm1[14061]: Rule /Middleware/rackspace : URI: /OmegaIntegration/proxy/BankMedOmegaIntegrationWS?wsdl
    Jan 24 16:07:09 F5-1 info tmm1[14061]: Rule /Middleware/rackspace : IP: 192.168.100.201%10

     

    Best Regards, Ralph El Habr

     

  • If you are using route domains, then you have to add the route domain ID at the end of the IP, like:

     

    [IP::client_addr] equals "192.168.100.201%10"

     

    Can you test this?

     

  • I would just change the logic to 'contains' to get around the route domain issue. Makes the iRule more portable for other VIPs in different route domains.

    e.g.

    [IP::client_addr] contains "192.168.100.201"

  • Thank you Daniel, yes, I'm using route domains and this was the problem. MrPlastic, I used contains instead of % and it's working now :)

     

    Thank you for your support.
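
An iRule matching the thread title's intent, as an added example that is not part of any post above: it strips the `%<route-domain>` suffix with `getfield` and compares with `IP::addr`, because a `contains` test on the address text also matches longer addresses (the string 192.168.1.1 is contained in 192.168.1.10 and 192.168.1.100). The allowed URI is a placeholder, since the original post's URI is missing on the page, and the log message wording is an assumption.

```tcl
# Added example, not code from the thread.
when HTTP_REQUEST {
    # Inside route domain 10, [IP::client_addr] returns "192.168.100.201%10"
    # (see the log lines in the thread). Keep only the part before "%", so the
    # same rule works on virtual servers in any route domain. With no route
    # domain suffix, getfield returns the address unchanged.
    set client_ip [getfield [IP::client_addr] "%" 1]

    # IP::addr compares addresses, not text, so 192.168.100.20 or
    # 192.168.100.2 can never be confused with 192.168.100.201.
    if { [IP::addr $client_ip equals 192.168.100.201] } {
        # Restricted source: only one URI is permitted.
        # "/placeholder/allowed-uri" is a placeholder, not the poster's URI.
        if { !([HTTP::uri] equals "/placeholder/allowed-uri") } {
            log local0. "Rejected $client_ip requesting [HTTP::uri]"
            reject
            return
        }
    }
    # Every other source address falls through and is permitted.
}
```

The source check sits in the outer `if` so that only the restricted address is ever rejected; combining both conditions under a single negation, as in the original post, rejects every other client as well.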