Forum Discussion

Nimbostratus

Mar 25, 2009

redirect based on source ip address

Need a little help in coming up with an iRule where if the client IP matches i want it going to a pool, if not just redirect to a url. I am missing something here when CLIENT_ACCEPTED ...

Employee

Apr 15, 2009

The wiki says - "Use of IP::addr is not necessary if matchclass command is used to perform the address-to-address comparison" but nonetheless you may want to try:

 
 if { [matchclass IP:addr[IP::client_addr] equals $::relay_hosts_allowed]} {

The rule looks fine though...so long as LTM has a route to whatever you are trying to get to (or is directly connected) then it should forward the packet.

You could add some logging to see if you're not matching for some reason:

 
 when CLIENT_ACCEPTED { 
   if { [matchclass [IP::client_addr] equals $::relay_hosts_allowed]} { 
     log local0. "[IP::client_addr] matched an allowed host." 
     forward 
     } else { 
     log local0. "[IP::client_addr] didn't match, dropping" 
     drop 
   } 
 }

Denny

Forum Discussion

redirect based on source ip address

Recent Discussions

GTM Packet Capture command

Wildcard SSL Certificate Deployment on F5 LTM

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Open Redirection Mitigation

How to Implement 2 Way SSL in F5 LTM

Related Content

How to ensure source address and source port are accepted and traversed properly via F5 SNAT automap

CSV to Address External Datagroup File

Anchor Link Redirect

SNAT IP address logging

Capturing source IP addresses for VIP