Single iRule for multiple customers to whitelist blacklist via data group

Question

We have been using separate whitelist/blacklist for each customer so far, since we used separate VIP for each customer. But we are now planning to move to single VIP configuration to handle traffic for all customers for which we have the iRule in our test lab which works fine for our requirement.
However we would also like to have one common iRule for whitelist/blacklist that can be handle traffic via data group, to avoid editing iRule for every new customer addition. Please suggest syntax for the same.
when HTTP_REQUEST {
    if { ([matchclass [string tolower [HTTP::host][HTTP::uri]] contains "Customer1_Blacklist_URLs"]) and ([matchclass [IP::remote_addr] equals "Customer1_Blacklist_IPs"]) } { HTTP::respond 403 }
}

when HTTP_REQUEST {
    if{ ([matchclass [string tolower [HTTP::host][HTTP::uri]] contains "Customer2_Blacklist_URLs"]) and ([matchclass [IP::remote_addr] equals "Customer2_Blacklist_IPs"]) } { HTTP::respond 403 }
}

stanislas_piro2 · Answer

I recommend to configure only one datagroup, with customer name in value.&nbsp;
Then, in class match command, add -value parameter to return the value instead of 0/1&nbsp;
Finally, check if the value equals (or contains) the customer name!&nbsp;

Forum Discussion

Single iRule for multiple customers to whitelist blacklist via data group

1 Reply

Recent Discussions

Server 2 causing application slowness

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Inquiry on F5's Maintenance Mode Feature for Pool Members

Ansible modules for F5OS

Related Content

Global Blacklist or Whitelist

F5 Distributed Cloud - Customer Edge Site - Deployment & Routing Options

custom response page for api

F5 Distributed Cloud – Multiple custom certificates for HTTP/TCP LB

BIG-IP AFM Blacklisting Magic