I assume you want to allow your company nets users to access the pool regardless of whether maintenance is being done? If so, can you try this? If it doesn't work as you'd like, you can uncomment the debug log lines and check /var/log/ltm for the output:
when HTTP_REQUEST {
log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::method] for [HTTP::host][HTTP::uri]"
if { [matchclass [IP::client_addr] equals $::acl_mycompany_nets] } {
log local0. "[IP::client_addr]:[TCP::client_port]: Client is in acl_mycompany_nets class. Exiting"
Client is a corporate user, so exit the iRule and don't redirect them
return
} else {
log local0. "[IP::client_addr]:[TCP::client_port]: Client is not in acl_mycompany_nets class. Checking URI."
if { ![matchclass [URI::decode [string tolower [HTTP::uri]]] contains $::acl_maintenance] } {
log local0. "[IP::client_addr]:[TCP::client_port]: Client is not in acl_mycompany_nets class and URI check failed. Redirecting."
HTTP::redirect http://www.mycompany.com/maintenance/index.php
}
}
}
Also, if you're on 9.4.4 or higher, you should remove the $:: prefix from the datagroup names in the iRule.
Aaron