log the client ip if it matches a network in the data group

Question

Hi There, I have data group class which contains both host's and network. I want to log the client ip only if it matches a network and not host.&nbsp;
Ex:&nbsp;
Client ip1: 10.75.18.21
Client ip2: 10.89.56.155&nbsp;
ACL file:&nbsp;
host 10.89.56.155
network 10.75.18.0/24&nbsp;
Here client ip1 is matching my subnet so log it. client ip2 is not matching so don't log it.&nbsp;
This is my current iRule. Any help on this is really appreciated. Thanks in advance.&nbsp;
when CLIENT_ACCEPTED {
  if { [ class match [IP::client_addr] equals clients_new ] } {
     pool new_clients_pool
 } else {
  reject
 }
}&nbsp;

ilian_ivanov · Answer

Hi,
If I am understanding correctly, you can create 2 data groups 1 for host and 1 for network. Then use that iRule:
when CLIENT_ACCEPTED {
if { [ class match [IP::client_addr] equals clients_new_network ] } {
    pool new_clients_pool 
    log local0. "Client IP is [IP::client_addr]"
}
if { [ class match [IP::client_addr] equals clients_new_host ] } {
    pool new_clients_pool 
}
else {
    reject
}
}

Forum Discussion

log the client ip if it matches a network in the data group

1 Reply

Recent Discussions

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

F5 VE in Azure - troubles with Sentinel integration

Need help on i-rule to specific uri path

Related Content

Re: F5 XC Distributed Cloud HTTP Header manipulations and matching of the client ip/user HTTP header

Understanding Performance Metrics and Network Traffic

F5 Distributed Cloud - Service Policy - Header Matching Logic & Processing

Enhance your Application Security using Client-side signals

Multi-Cluster, Multi-Cloud Networking for K8S with F5 Distributed Cloud – Deployment Guideline