iRule to exclude network from further filtering and process the rest of the traffic by URI

Question

Hi folks,&nbsp;
Complete noob to irules. What I am trying to achieve with this irule is to allow for a specific subnet access to any uri under the sun but restrict the rest of the world to only specific URI's.&nbsp;
when HTTP_REQUEST {
    if { [class match [IP::client_addr] equals vendor_network] } {
    pool vendorapp_https-8443_pool
   } elseif { [ class match [string tolower [HTTP::uri]] contains vendorapp_allowed_uri_list ] } {
  Stop processing the iRule for this event here
  return }
 else {
  drop }
 }&nbsp;
the page doesn't load and in cURL all I see is a successful SSL transaction (ssl offloaded).&nbsp;
I appreciate any input!
Nick&nbsp;

boneyard · Answer

first thing i would do is add some debug logging&nbsp;
so log the IP::client_addr / HTTP::uri to make sure you are performing the right request&nbsp;
then log for entering the different statements, so you know what the iRule felt about your request&nbsp;
then tailf /var/log/ltm and do the request&nbsp;
a quick check seems to indicate the second option doesn't have pick a specific pool, but that might be the standard one.&nbsp;
see where that gets you.&nbsp;

Forum Discussion

iRule to exclude network from further filtering and process the rest of the traffic by URI

1 Reply

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

What is Multi-Cloud Networking?

iRule exclude URI

Demo Guide & Video Series for F5 Distributed Cloud Network Connect (Multi-Cloud Networking)

Community Learning Path: Multi-Cloud Networking

A complete Multi-Cloud Networking walkthrough with F5 Distributed Cloud