All,
I have been racking my brain for two days now and have read back on this list since middle of last year and still can't figure out how to combine two pieces of logic with an and state...
Depending on how flexible your network is, maybe you don't need an irule at all. How about simply allowing only requests coming from the 'internal' vlan access to the VIP? screen cap attached.