Forum Discussion

MartinS's avatar
MartinS
Icon for Nimbostratus rankNimbostratus
Apr 16, 2019

irule based on source ip and http host

Hello, could anyone help me with irule which should choose address pool based on HTTP::host and Client IP address?

I started with

when HTTP_REQUEST {

if { ([HTTP::host] equals "sd.informe.xx") and ([IP::addr "192.168.0.0 mask 255.255.0.0" equals [IP::client_addr]])}
{
 pool inside_pool_443 
}

elseif { ([HTTP::host] equals "sd.informe.xx") and !([IP::addr "192.168.0.0 mask 255.255.0.0" equals [IP::client_addr]])}
{
 pool pool_outside_443
}

elseif { ([HTTP::host] equals "sdint.informe.xx") and ([IP::addr "192.168.0.0 mask 255.255.0.0" equals [IP::client_addr]])}
{
 pool pool_inside_444
}    

}

but unfortunately I stucked and dont know how to combine http host and ip address 

thank you very much

my case is related to version 12.1.0(Build 0.0.1434)

Martin

2 Replies

  • Hi

    you can try this:

    when HTTP_REQUEST {
    
    if { [IP::addr [IP::client_addr] equals 192.168.0.0/16] } {
    
    switch [string tolower [HTTP::host]] {
        "sd.informe.xx" {
            pool inside_pool_443 
        }
        "sd2.informe.xx" {
            pool pool_outside_443
        }
        "sdint.informe.xx" {
            pool pool_inside_444
        }
        default {
             don't do anything...
        }
    }
    
    }
    
    }
    

    You can also do it using LTM Policy. it will be more simple and it's done per request...

    If you use irule for your need don't forget to set oneconnect profile in order to detach session...

    Regards

  • Hi please try this iRule and let me know how you get on, I notice you have a

    "!"
    on the second if condition. I assume you want this to mean
    not equals to
    .

    when HTTP_REQUEST {
        set ipMatch [IP::addr 192.168.0.0/16 equals [IP::client_addr]]
        switch [HTTP::host] {
            "sd.informe.xx" {
                if {$ipMatch} {
                    pool inside_pool_443
                } else {
                    pool pool_outside_443
                }
            }
            "sdint.informe.xx" {
                if {$ipMatch} {
                    pool pool_inside_444
                }
            }  
        }
    }