Forum Discussion

Bhajan_Gupta_28's avatar
Bhajan_Gupta_28
Icon for Nimbostratus rankNimbostratus
Sep 15, 2017

Required help for iRule for source based redirection

Hi guys,

 

Can any one help me to write an IRule for below requirement as i am using Big-IP 12.1.2 version..

 

having URL for example http://testing.dff.com and further have two sub folder such as

 

http://testing.dff.com/tnr http://testing.dff.com/enr

 

when external users from any where tried to access above two URL then they redirect to one of the maintenance page but when internal users (Private N/W) tried, they did.

 

Can we use data group for external & internal users and call into iRule as well.

 

application delivery
iRules
LTM
security

7 Replies

Sort By
  • Maneesh_72711's avatar
    Maneesh_72711
    Icon for Cirrostratus rankCirrostratus
    Sep 15, 2017

    yes it is very much possible and you already have thought on the correct lines.

     

    when CLIENT_ACCEPTED {

     

    if { ([class match [IP::client_addr] equals Internal] )}

     

    {

     

    HTTP::respond 301 Location "http://testing.dff.com/tnr";

     

    }

     

    else

     

    {

     

    HTTP::respond 301 Location "http://testing.dff.com/pnr";

     

    }

     

    }

     

    Where you internal would be your internal subnets/IP's they land on /tnr and external world land on /pnr.

     

    • Stanislas_Piro2's avatar
      Stanislas_Piro2
      Icon for Cumulonimbus rankCumulonimbus
      Sep 15, 2017

      This irule won't work!!

       

      • HTTP commands are not allowed in CLIENT_ACCEPTED event
      • the goal was to allow or deny both URLs based on client ip
      • even if the question was to filter uri based on client ip to redirect to on of URLs, this irule will loop because there is no URI condition!
    • Bhajan_Gupta_28's avatar
      Bhajan_Gupta_28
      Icon for Nimbostratus rankNimbostratus
      Sep 15, 2017

      Hi Stanislas thanks for your suggestion, yes this iRule would not work. I have just mentioned the comments again for my requirement, can you help me to make a correct iRule.

       

  • Faruk_AYDIN's avatar
    Faruk_AYDIN
    Icon for Nimbostratus rankNimbostratus
    Sep 15, 2017

    Let's say your private network 10.0.0.0/8

    when HTTP_REQUEST {
    if {![IP::addr [IP::client_addr]/8 equals 10.0.0.0]}
    {
        if { ([HTTP::host] equals "testing.dff.com") && ([HTTP::uri] equals "tnr" || [HTTP::uri] equals "enr" }
        {
            log local0.  "client IP: [IP::client_addr] - redirected to maintenance Page"
            HTTP::redirect "http://testing.dff.com/maintenancePage.html"
        }
    }
}
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Sep 15, 2017

    try this code:

     

    when HTTP_REQUEST {
    if { ([HTTP::host] equals "testing.dff.com") && ([HTTP::uri] starts_with "/tnr" || [HTTP::uri] starts_with "/enr" } {
        if { ![class match [IP::client_addr] equals Internal]} 
            log local0.  "client IP: [IP::client_addr] - redirected to maintenance Page"
            HTTP::redirect "/maintenancePage.html"
        }
    }
}