Forum Discussion

Emad's avatar
Emad
Icon for Cirrostratus rankCirrostratus
Mar 27, 2013

Using Multiple iRule s for Client Selection

i have a domain i.e out.abc.com, there are multiple subdomains also hosted on that vip. I am using an Irule for subdomain based switching.

 

IRule being used for switching is :

 

 

 

switch [HTTP::host] {

 

out.abc.com { pool out_abc_com }

 

out2.abc.com { pool out2_abc_com }

 

out3.abc.com { pool out3_abc_com }

 

internal.abc.com { pool internal_abc_com }

 

default { pool default_i2cinc_com}

 

}

 

}

 

 

The Issue is i have to limit access of subdomain "internal.abc.com" to some internal ips mentioned in data class.

 

 

I tried to use Irule for the access but when i apply that access irule it starts rejecting all traffic of that VIP.

 

Please advice .

 

 

Irule Used for access implementation is:

 

 

 

when CLIENT_ACCEPTED {

 

if { [matchclass [IP::client_addr] equals $::allowedAddresses] }{

 

forward

 

} else {

 

discard

 

}

 

}

 

 

 

 

 

application delivery
dev
devops
iRules

4 Replies

Sort By
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Mar 27, 2013
    Since it's specific to the internal pool, why not just combine the logic: 

    
when HTTP_REQUEST {
   switch [string tolower [HTTP::host]] {
      out.abc.com { pool out_abc_com }
      out2.abc.com { pool out2_abc_com }
      out3.abc.com { pool out3_abc_com  }
      internal.abc.com {
         if { [class match [IP::client_addr] equals allowedAddresses] } {
            pool internal_abc_com
         } else {
            discard
         } 
  }
      default { pool default_i2cinc_com}
   }
}

    By the way, assuming you're not still on a 9.x box, matchclass is now deprecated and you don't need the "$::" syntax to address data groups.

  • Emad's avatar
    Emad
    Icon for Cirrostratus rankCirrostratus
    Mar 27, 2013
    alright. let me check with and reply back to you.
  • Arie's avatar
    Arie
    Icon for Altostratus rankAltostratus
    Apr 01, 2013
    1) You'll want to avoid "$::" like the plague if you're on v.11 - it can lead to very nasty problems.

     

    2) Have you considered configuring dedicated VIPs for the subdomains?
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Apr 01, 2013
    You don't use the $:: syntax when accessing data groups in v11, but you would use it to access the static namespace. Some would argue that global variables are generally bad, but they do have their place in some situations.