Nimbostratus
Cirrostratus
Do you want to block all requests from clients not in the datagroup and redirect all others to https? If so, here is an example:
when HTTP_REQUEST {
if { not [ matchclass [ IP::client_addr] equals Disney_Public_Source_Addresses ) } {
log local0. "blocked request for [HTTP::uri] by [IP::client_addr]"
HTTP::respond 403
} else {
HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]"
}
}
If you want to keep the two rules separate, you could use a local variable to track whether a prior iRule has already issued a redirect:
rule 1
when HTTP_REQUEST {
Check if a redirect has not already been issued
if {not ([info exists redirected] and $redirected==1)}{
Check if we want to send a redirect
if { $some_logic==1}{
Send a redirect
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
Track that a redirect has been sent
set redirected 1
}
}
}
rule 2
when HTTP_REQUEST {
Check if a redirect has not already been issued
if {not ([info exists redirected] and $redirected==1)}{
if { $some_other_logic==1}{
Send a redirect
HTTP::respond 403
Track that a redirect has been sent
set redirected 1
}
}
}
Aaron