Forum Discussion

Nimbostratus

Jan 10, 2018

Irule logic question

when HTTP_REQUEST { if { ([matchclass [string tolower [HTTP::uri]] contains Allowed_uri]) or ([matchclass [IP::client_addr] equals Allowed_IP]) } { } else { log local0. "---CLIENT IP---[IP::cl...

Nacreous

Jan 10, 2018

Hi Lee,

I sometimes find it easier to read an iRule (especially when you include NOTs) by breaking the 'or' into separate 'if' conditions. Notice the "!" - this makes the condition a NOT.

So:

IF NOT datagroup URI, IF NOT datagoup IP, drop. (everything else will be allowed)

when HTTP_REQUEST {
    if {(![class match [string tolower [HTTP::uri]] contains Allowed_uri])} {
        if {(![class match [IP::client_addr] equals Allowed_IP])} {
            drop
        }
    }
}

PS -

matchclass

has been depricated: https://devcentral.f5.com/wiki/iRules.matchclass.ashx

Lee

Forum Discussion

Irule logic question

Recent Discussions

URL

Problems connecting to vpn after upgrading to ubuntu 24.04

Wildcard SSL Certificate Deployment on F5 LTM

iRule resulting in too many redirects

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

Related Content

irule redirect question

Standalone BIG-IQ Upgrade Question

question of limitation and expiration for rest api token

Monitor Testing question

SNAT question