What could you do with your code in 20 Lines or Less? That's the question I ask (almost) every week for the DevCentral community, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

By a show of hands, who else here is surprised and/or excited that we finally made it to the 50th 20 Lines or Less? I'm a little of both, though more excited than anything. Years ago when I started the series I wasn't sure if anyone would find value in it, whether it was too dry to follow regularly, or even if I'd be able to drum up enough iRule examples to somewhat regularly put one of these things out. All of my trepidation was for naught, though, as the wicked awesome DevCentral community came through in spades. Both via support and interest, and a constant supply of killer iRules examples for me to pilfer.

This week, though, I'll be using my own code. I've been writing up these iRules Challenges the past few months and I'm really enjoying them. As part of the process I've been building the solution I'd offer to each challenge. Keep in mind, as I've told each class of FSEs, this does not mean it's the "correct" solution, just the way I'd do it. There are always variances in coding techniques and logical approaches, and I'm prone to missing possible solutions or shortcuts just like anyone else, but I wanted to share my solutions as part of this momentous 20LoL installment. I even made sure they were all 20LoL when building them (I know, planning ahead...weird, right?). Keep in mind that most of these require some configuration tweaks (syslog-ng routing through a certain IP, classes being added, etc.) to function, so don't go trying them without that.

Also, before I forget, I want to give a big thanks to those that have read, commented, contributed and/or passed along the 20LoL over the years. We're "over the hump" to 100, and that's the next target in my sights. Thanks for the support, here's some code to feed the geek in you and me.

Challenge #4:

Desired Solution:

If a user is making a request to one of a list of URIs (50+), and that request is bound for one of the 4 “secure servers” (4 servers, non-sequential IPs, in one pool) in the DMZ, the Client must originate from a particular subnet (, or from an IP resolving to one of the partners in a given list of hosts (20+).


    a) Identify the URI being requested

    b) Identify the IP address of the server the request is being sent to

    c) Identify the network and/or the PTR host the client is initiating the request from

    d) Drop any errant requests

    e) Log any “bad” requests, including: IP Address of Client, IP Address of Server, requested URI
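
Steps a) through e) as a decision function, written here as an added Python model of the logic; it is not an iRule and not the author's solution. The URI list, server IPs, subnet, partner names and DNS answers are constructed sample values, and the forward-confirmation of the PTR name is an addition beyond the stated requirements.

```python
import ipaddress

# Constructed sample data: the page's real lists and subnet are not shown.
SECURE_URIS = {"/payroll/export", "/admin/users"}
SECURE_SERVERS = {"192.0.2.10", "192.0.2.27", "192.0.2.45", "192.0.2.99"}
TRUSTED_NET = ipaddress.ip_network("10.20.0.0/16")
PARTNER_HOSTS = {"gw.partner-a.example", "vpn.partner-b.example"}

# Constructed DNS answers standing in for real PTR and A lookups.
PTR = {"198.51.100.7": "gw.partner-a.example.",
       "203.0.113.66": "vpn.partner-b.example."}  # PTR claims a partner name
A = {"gw.partner-a.example": {"198.51.100.7"},
     "vpn.partner-b.example": {"198.51.100.8"}}


def check_request(uri, server_ip, client_ip, log,
                  ptr_lookup=PTR.get, a_lookup=lambda h: A.get(h, set())):
    """Return True to forward the request, False to drop it."""
    # a) requested URI, normalised so "/Admin/Users?x=1" still matches the list
    path = uri.split("?", 1)[0].lower()
    # b) the rule only applies to listed URIs bound for a secure server
    if path not in SECURE_URIS or server_ip not in SECURE_SERVERS:
        return True
    # c) client network first (cheap), then the PTR host
    if ipaddress.ip_address(client_ip) in TRUSTED_NET:
        return True
    host = (ptr_lookup(client_ip) or "").rstrip(".").lower()
    # The PTR record is set by whoever runs the client's reverse zone, so the
    # name only counts if its forward record points back at the same IP.
    if host in PARTNER_HOSTS and client_ip in a_lookup(host):
        return True
    # e) log client IP, server IP and URI (repr keeps the entry on one line),
    # then d) drop
    log(f"denied client={client_ip} server={server_ip} uri={uri!r}")
    return False


if __name__ == "__main__":
    denied = []
    for client in ("10.20.3.4", "198.51.100.7", "203.0.113.66"):
        ok = check_request("/admin/users?id=1", "192.0.2.27", client, denied.append)
        print(client, "forward" if ok else "drop")
    print(denied)
```
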