Forum Discussion
hooleylist
Aug 20, 2009 Cirrostratus
Hi,
Can you use the second format, trim out all but a handful of entries, reload your configuration using 'b load', and then test the iRule further? I believe that if you modify the external class file, the change isn't read into memory until the config is reloaded.
Try adding a log statement of the client IP address, the datagroup contents and the value of the matchclass command. This should give you a good indication of all the relevant data.
log local0. "[IP::client_addr]:[TCP::client_port]: class contents: $::UK_Allowed_IP, matchclass result: [matchclass [IP::client_addr] equals $::UK_Allowed_IP]"
Also, once you have the class check working, you could move it to CLIENT_ACCEPTED and set a variable if the client needs to be redirected. That way you do the check once per TCP connection instead of for every HTTP request. You could also forcibly close the TCP connection with TCP::close after the HTTP redirect to ensure the client doesn't retry the request on the same TCP connection if they'll never be allowed to reach the pool.
Aaron
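
The per-connection check suggested in the post above, sketched as an added example (not code from the original post or from F5). It assumes the v9-style `$::UK_Allowed_IP` class reference used in the post, that clients outside the class are the ones to redirect, and a placeholder redirect URL.

```tcl
when CLIENT_ACCEPTED {
    # Run the class lookup once per TCP connection and remember the result.
    # redirect_client is a hypothetical variable name chosen for this example.
    if { [matchclass [IP::client_addr] equals $::UK_Allowed_IP] } {
        set redirect_client 0
    } else {
        set redirect_client 1
        log local0. "[IP::client_addr]:[TCP::client_port]: not in UK_Allowed_IP, will redirect"
    }
}

when HTTP_REQUEST {
    # Reuse the stored decision instead of calling matchclass on every request.
    if { $redirect_client } {
        # Placeholder URL; replace with the real redirect target.
        HTTP::redirect "http://blocked.example.com/"
        # Close the connection so the client cannot retry on the same TCP connection.
        TCP::close
        return
    }
}
```

After editing the external class file, reload the configuration with 'b load' before testing, as noted in the post.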