iRule and data group not matching properly
Hi all,
We have the following devices: 2 BIG-IPs version is version 11.4.1. HA enabled.
Network topology is : Akamai --- BIG-IP --- WAF --- Servers HTTP
The issue is :
1) We have several iRules for maintenance purpose.Used when we are making changes on the http servers. The Rule has an if/else statement.
During a maintenance window site customers requests will be redirected to a maintenance page and only a few selected IPs(engineers) will be sent to the normal page.Sample iRule:
when HTTP_REQUEST {
HTTP::header insert X-Forwarded-For [HTTP::header "True-Client-IP"]
if { [class match [HTTP::header "True-Client-IP"] equals "DATAGROUP"] } {
}
else {
HTTP::redirect "http://maintenance.com/maint.html"
}
}
DATAGROUP definition
ltm data-group internal DATAGROUP {
records {
IP1 { }
IP2 { }
IP3 { }
}
type string
2) The above rule works ( general customers are redirected to the maintenance page and engineers are going to the normal one ) but when parsing http server logs weve found out that
general customers IPs accessed the normal page during maintenance window.We didnt found any errors in the /var/log/ltm or tmsh show sys log ltm
What could be the cause of the general customer passing through towards the normal page and not matching the iRule ? Is it a known bug, new bug ? A iRule syntax , parsing problem ?
Thanks for helping.