Forum Discussion

jholmes_39917's avatar
jholmes_39917
Icon for Nimbostratus rankNimbostratus
Jun 25, 2012

URI client IP redirect

I am new to this group and irules so bare with me here. What I have is a site whos owners want a redirect to happen based on client ip range, and URI.

 

 

Example of what I have so far:

 

 

 

when HTTP_REQUEST{

 

 

log local. "Client: [IP::client_addr]"

 

 

if { [HTTP::uri] starts_with "URI" }{

 

 

if { [IP::addr [IP::client_addr] equals X.X.X.X/X] } {

 

pool blah }

 

 

 

elseif { [IP::addr [IP::client_addr] equals X.X.X.X] } {

 

pool blah }

 

 

}

 

}

 

 

 

This doesnt appear to work and was hoping someone could give me some pointers on getting this accomplished.

 

 

 

 

 

 

 

 

application delivery
dev
devops
iRules

10 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jun 25, 2012
    That looks about right. I assume URI is a liternal URI like /path/to/file? Can you add debug logging for the two different pool statements to see if either are being hit?

     

     

    Aaron
  • jholmes_39917's avatar
    jholmes_39917
    Icon for Nimbostratus rankNimbostratus
    Jun 25, 2012
    [undefined procedure: elseif] [elseif { [IP::addr [IP::client_addr] equals XXXX] } { Havent gotten a chance to debug it. I get this error when trying to save it through the IRule editor.
  • jholmes_39917's avatar
    jholmes_39917
    Icon for Nimbostratus rankNimbostratus
    Jun 25, 2012
    [undefined procedure: elseif] [elseif { [IP::addr [IP::client_addr] equals XXXX] } { Havent gotten a chance to debug it. I get this error when trying to save it through the IRule editor.
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jun 25, 2012
    I'd guess you have a space issue with the elseif clause. Can you try this? 

    when HTTP_REQUEST {

log local. "Client: [IP::client_addr]"
if { [HTTP::uri] starts_with "/some_uri" }{
if { [IP::addr [IP::client_addr] equals X.X.X.X/X] } {
pool blah
log local. "[IP::client_addr]: Matched first check"
} elseif { [IP::addr [IP::client_addr] equals X.X.X.X] } {
pool blah
log local. "[IP::client_addr]: Matched second check"
} else {
reject
}
}
}

    Aaron
  • jholmes_39917's avatar
    jholmes_39917
    Icon for Nimbostratus rankNimbostratus
    Jun 25, 2012
    Ok that appears to load successfully and logs my IP correctly. The problem I have is the criteria above should only be allowed to the site. My IP still reaches the backend IP addresses and can see the content. Is there something I can use that will stop that from happening?
  • naladar_65658's avatar
    naladar_65658
    Icon for Altostratus rankAltostratus
    Jun 25, 2012
    I would recommend giving that a shot. Your iRule is looking for two things, otherwise traffic will "fall through" essentially and go to whatever you have set for a default pool.
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jun 26, 2012
    Or you could add an else clause with a reject statement to send a TCP reset if that condition is met. I edited the example above to show this.

     

     

    Aaron
  • jholmes_39917's avatar
    jholmes_39917
    Icon for Nimbostratus rankNimbostratus
    Jun 26, 2012
    Thanks everyone for the help. Works like a champ I am really enjoying this F5 and its abilities... :-)