Forum Discussion

ShaneCal_162988's avatar
ShaneCal_162988
Icon for Altocumulus rankAltocumulus
Dec 02, 2014

Maintenance Page iRule with allowed IP addresses

I'm looking for a maintenance page iRule that will redirect traffic during a time frame, this iRule needs to allow certain IPs to connect to the server without being redirected to the maintenance page.

 

Here's our scenario:

 

  1. Begin maintenance mode
  2. Deploy new code
  3. Run front-end tests
  4. If tests pass, end maintenance mode

I've read through some very interesting posts on how to implement maintenance mode iRules:

 

https://devcentral.f5.com/questions/maintenance-page-irule-need-redirect-and-rewrite

 

https://devcentral.f5.com/articles/irule-maintenance-windows

 

But each post seems to just want to redirect all traffic, as opposed to allowing certain IP addresses to connect to the site that's in maintenance mode.

 

Surely someone out there has faced a similar problem, help a complete F5 noob out

 

application delivery
BIG-IP Access Policy Manager (APM)
deployment
devops
iRules
LTM
maintenance page
security

1 Reply

Sort By
  • Walter_Kacynski's avatar
    Walter_Kacynski
    Icon for Cirrostratus rankCirrostratus
    Dec 02, 2014

    We use a DataGroup for this purpose:

    when RULE_INIT {
    set static::start_date "2014-11-09 19:00"
    set static::end_date "2014-11-09 20:00"
    set static::start [clock scan $static::start_date]
    set static::end [clock scan $static::end_date]
}
when HTTP_REQUEST {
       set now [clock seconds]
       if {$now > $static::start and $now < $static::end} {
       if { not ([class match [IP::client_addr] equals VPN-IPs-DataGroup]) } { 
           if { not ([HTTP::uri] starts_with "/env") } { 
                if { [HTTP::uri] eq "/" } { 
                    HTTP::respond 200 content [ifile get Maintenance_Full_HTML] 
                } elseif { [HTTP::uri] eq "/Logo.png" } { 
                    HTTP::respond 200 content [ifile get Logo_png] 
                } elseif { [HTTP::uri] eq "/genericToolbox.png" } { 
                    HTTP::respond 200 content [ifile get genericToolbox_png]
                } else { discard }
           }
        }
    }
}