Stanislas_Piro2
May 13, 2016
Cumulonimbus
Policies are executed first, then iRules.
You can set a Tcl variable in policy actions and use it in iRules.
So, you can create a policy to filter based on an HTTP header; if it matches, set a variable HeadersAllow to 1, then check in the iRule whether the variable exists and its value is 1.
when HTTP_REQUEST {
    # check header exists and has the right value, or is an internal or trusted address
    if { !(([info exists HeadersAllow] && $HeadersAllow) || [class match [IP::client_addr] equals Trusted-Ip-Addresses]) } {
        # drop the packet
        drop
    }
}
The policy is:
ltm policy MyTestPolicy {
    controls { forwarding }
    requires { http }
    rules {
        http_header {
            actions {
                0 {
                    tcl
                    set-variable
                    name HeadersAllow
                    expression 1
                }
            }
            conditions {
                0 {
                    http-header
                    name MyHeader
                    contains
                    values { Predefined_Value }
                }
            }
            ordinal 3
        }
    }
    strategy first-match
}
In version 11.6 and above, the policy configuration is:
ltm policy Policy_test {
    controls { forwarding }
    requires { tcp http }
    rules {
        rule1 {
            actions {
                0 {
                    forward
                    reset
                }
            }
            conditions {
                0 {
                    tcp
                    address
                    not
                    matches
                    values { 1.2.3.4 }
                }
                1 {
                    http-header
                    name MyHeader
                    not
                    values { Predefined_Value }
                    missing
                }
            }
            ordinal 1
        }
    }
    strategy first-match
}
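A variant of the iRule half of the first approach, added here as an example and not part of the original post: it consumes the policy-set flag once per request and logs what it drops. It assumes the variable set by the policy lives for the whole client connection, as ordinary iRule variables do, so a flag set by one request would otherwise still be present for later requests on the same keep-alive connection; `HeadersAllow`, `MyHeader` and `Trusted-Ip-Addresses` are the names used in the post.

```tcl
when HTTP_REQUEST {
    # Copy the flag set by the policy for THIS request into a local decision.
    set header_ok 0
    if { [info exists HeadersAllow] && $HeadersAllow } {
        set header_ok 1
    }

    # Assumption: the flag is connection-scoped. Remove it so that a later
    # request on the same connection without MyHeader is not allowed by a
    # value left over from an earlier request.
    unset -nocomplain HeadersAllow

    # Same rule as the post: allow on matching header OR trusted source address.
    set trusted [class match [IP::client_addr] equals Trusted-Ip-Addresses]

    if { !($header_ok || $trusted) } {
        # Record the rejected request so blocked clients can be reviewed later.
        log local0.info "access check failed: client=[IP::client_addr] host=[HTTP::host] uri=[HTTP::uri]"
        drop
    }
}
```

The policy condition in the post uses `contains`, so any `MyHeader` value that includes `Predefined_Value` as a substring sets the flag; this iRule inherits that behaviour.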