Forum Discussion
21 Replies
- Lornz_118797NimbostratusI'm trying to do similar, with (I think) an understanding that f5 recommends not using data groups in a multiprocessor system. So I'm trying to do this:
- Kevin_StewartEmployeeSo first things first, I can't imagine anyone suggesting that data groups aren't recommended in multiprocessor systems. They work perfectly well and in many cases simplify your iRules. In any case, here's a slight modification of your conditional.
- Christopher_BooCirrostratusI've had a similar irule (using data groups) in place for months with no issues on a 3600.
- Lornz_118797Nimbostratus
Hi Kevin- Thanks a bunch, this at least got me to save, and testing now. I'll follow up with f5 to see if we can jettison the understanding that our team got before about the data groups. Thanks again!
- Lornz_118797Nimbostratus
Hi Christopher- thanks a lot for this information, too. I'm following up here and with f5 to see where this idea came from, and if we can ignore it. Regards, Lorenz
- Colin_Walker_12Historic F5 AccountI can say with absolute certainty that data groups are very much recommended on multi-processor systems. They work great, and we use them all the time. ;)
- nullck_120095Nimbostratus
Hi,
I resolved this problem, then use
when HTTP_REQUEST { switch -glob [IP::client_addr] { "200.34.20.0/20" { set status "OK" } "172.16.0.0/16" { set status "OK" } "10.0.0.0/8" { set status "OK" } } if { $status != "OK" } { if { [HTTP::uri] matches "/admin/" or [HTTP::uri] matches "/administrator/" or [HTTP::uri] matches "/administracao/*" } { HTTP::redirect http://[HTTP::host] } } }
- Viv_RichardsCirrostratus
Dear All,
I have tried below iRule with the intension to access specific URI (testapi.apsx) from specific IP which is part of testapiAllowList datagroup , however when I am trying to access URI (testapi.aspx), it is still accessible from the IP which is not part of testapiAllowList datagroup
======================= when HTTP_REQUEST { if { [string tolower [HTTP::path]] contains "/testapi.aspx" } { if { !([matchclass [IP::client_addr] equals testapiAllowList])} { discard }
==========
As per my understanding, if I am not part of testapiAllowList datagroup, I should not able to access URI "/tetsapi.aspx"
Kindly correct me if I am wrong
- Kevin_StewartEmployee
The logic here seems sound. What does your data group look like?
Maybe add some logging to see what's going on.
when HTTP_REQUEST { if { [string tolower [HTTP::path]] contains "/testapi.aspx" } { if { !([matchclass [IP::client_addr] equals testapiAllowList]) } { log local0. "discarding" discard } else { log local0. "allowing" } } else { log local0. "something else" } }
- Martins_K_20579Nimbostratus
Dear All,
I have tried below iRule with the intension to access specific URI (testapi.apsx) from specific IP which is part of testapiAllowList datagroup , however when I am trying to access URI (testapi.aspx), it is still accessible from the IP which is not part of testapiAllowList datagroup
======================= when HTTP_REQUEST { if { [string tolower [HTTP::path]] contains "/testapi.aspx" } { if { !([matchclass [IP::client_addr] equals testapiAllowList])} { discard }
==========
As per my understanding, if I am not part of testapiAllowList datagroup, I should not able to access URI "/tetsapi.aspx"
Kindly correct me if I am wrong
- Kevin_StewartEmployee
The logic here seems sound. What does your data group look like?
Maybe add some logging to see what's going on.
when HTTP_REQUEST { if { [string tolower [HTTP::path]] contains "/testapi.aspx" } { if { !([matchclass [IP::client_addr] equals testapiAllowList]) } { log local0. "discarding" discard } else { log local0. "allowing" } } else { log local0. "something else" } }