Assuming the logic works for your scenario, the syntax looks fine.
when HTTP_REQUEST {
   if { (not [matchclass [string tolower [HTTP::uri]] starts_with $::LegacyExceptions]) and ([matchclass [string tolower [HTTP::uri]] starts_with $::LegacyPaths]) } {
      # checked for matchclass != exceptions and == LegacyPaths and forward to Legacy_http_pool
      # use snatpool atypon_SNAT
      log local0. "*****DEBUG SNAT applied"
      snat 172.23.0.60
      pool Legacy_http_pool
      # HTTP::redirect http://www.google.com
   } else {
      # when uri matches admin in Literatum check for source ip
      if { [HTTP::uri] starts_with "/admin" and (not [matchclass [IP::remote_addr] equals $::Admin]) } {
         # Literatum path for admin uri but not internal IP
         log local0. "External IP ([IP::remote_addr]) attempting to access admin path ([HTTP::uri])"
         HTTP::redirect http://redirect.com/404.html
      } else {
         pool Stage_http_pool
      }
   }
}
Aaron
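
The rule's branch logic can be checked offline before it is attached to a virtual server. The following is an added example, not part of the original post: a Python model of the three outcomes. The data group contents, client addresses and function names are constructed assumptions. iRule string comparisons are case-sensitive, so the model also shows how the `/admin` test behaves as written (raw URI) and with the URI lowercased as the legacy checks already do.

```python
import ipaddress

# Constructed stand-ins for the data groups the iRule references (assumptions).
LEGACY_PATHS = ["/legacy", "/old"]            # $::LegacyPaths
LEGACY_EXCEPTIONS = ["/legacy/new"]           # $::LegacyExceptions
ADMIN_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # $::Admin

def starts_with_any(value, prefixes):
    """Model of `matchclass <value> starts_with <class>`."""
    return any(value.startswith(p) for p in prefixes)

def is_admin_source(client_ip):
    """Model of `matchclass [IP::remote_addr] equals $::Admin` (address class)."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in ADMIN_NETS)

def route(uri, client_ip, normalize_admin=False):
    """Return the action the rule takes for one request.

    normalize_admin=False mirrors the rule as posted: the legacy checks use
    the lowercased URI, the /admin check uses the raw URI.
    """
    lowered = uri.lower()
    if (not starts_with_any(lowered, LEGACY_EXCEPTIONS)
            and starts_with_any(lowered, LEGACY_PATHS)):
        return "pool Legacy_http_pool"
    admin_uri = lowered if normalize_admin else uri
    if admin_uri.startswith("/admin") and not is_admin_source(client_ip):
        return "redirect 404"
    return "pool Stage_http_pool"

def decision_table(requests, normalize_admin=False):
    """Evaluate a list of (uri, client_ip) pairs and return the outcomes."""
    return [(u, ip, route(u, ip, normalize_admin)) for u, ip in requests]

# Constructed sample requests covering each branch and the case edge.
SAMPLE = [
    ("/Legacy/page", "203.0.113.5"),
    ("/legacy/new/x", "203.0.113.5"),
    ("/admin/users", "203.0.113.5"),
    ("/admin/users", "10.1.2.3"),
    ("/ADMIN/users", "203.0.113.5"),
]

if __name__ == "__main__":
    for normalize in (False, True):
        print("normalize_admin =", normalize)
        for uri, ip, action in decision_table(SAMPLE, normalize):
            print(f"  {ip:<12} {uri:<16} -> {action}")
```

Whether the mixed-case row matters depends on whether the servers behind Stage_http_pool treat paths case-insensitively.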