Hi Lee,
I sometimes find it easier to read an iRule (especially when you include NOTs) by breaking the 'or' into separate 'if' conditions.
Notice the "!" - this makes the condition a NOT.
So:
IF NOT datagroup URI,
IF NOT datagoup IP,
drop.
(everything else will be allowed)
when HTTP_REQUEST {
if {(![class match [string tolower [HTTP::uri]] contains Allowed_uri])} {
if {(![class match [IP::client_addr] equals Allowed_IP])} {
drop
}
}
}
PS -
matchclass
has been depricated:
https://devcentral.f5.com/wiki/iRules.matchclass.ashx
Lee