Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Irule Help

Dears,

Need some help on the F5 configuration. The requirements are: 1. Do not apply URI redirect if the request is coming from a particular subnet. 2. Apply URI redirect otherwise.

Tried the below Irules its not working. Please help urgent.

when HTTP_REQUEST { if { ([HTTP::uri] equals "/") and ([IP::client_addr] != "10.1.2.0/24") } { HTTP::redirect "/cams" } }


when HTTP_REQUEST { if { [IP::addr [IP::client_addr] eq 10.1.2.0/24] } { return #do nothing } elseif { [HTTP::uri] equals "/" } { HTTP::redirect "/cams" }

}

when HTTP_REQUEST { if { { [IP::client_addr] = "10.1.2.0/24" } } { return #do nothing } else { HTTP::redirect "http://[HTTP::host]/cams" } }

Thanks & Regards, Sam

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Morning, please try this iRule, it will redirect if the client IP address is not within the 10.1.2.0/24 range.

when HTTP_REQUEST {
    if {!([IP::addr[IP::client_addr] equals 10.1.2.0/24])} {
        HTTP::redirect "http://[HTTP::host]/cams"
    }
}

Please see the following link for IP::addr syntax https://devcentral.f5.com/wiki/iRules.IP__addr.ashx

0
Comments on this Answer
Comment made 03-Jan-2018 by ssam 1

I have tried the irule and its not working. Any other suggestions.

0
Comment made 04-Jan-2018 by Lee Sutcliffe 2911

Could you try the following with additional logging (I have also added the condition HTTP::uri eq "/". Reading through your original post it seems this is a requirement Please could you post the output of the log message in /var/log/ltm

when HTTP_REQUEST {
    log local0. "CLIENT IP:[IP::client_addr] URI:[HTTP::uri]"
    if {(!([IP::addr[IP::client_addr] equals 10.1.2.0/24])) && ([HTTP::uri] eq "/")} {
        HTTP::redirect "http://[HTTP::host]/cams"
    }
}
0
Comment made 11-Jan-2018 by Lee Sutcliffe 2911

Hi, if you've tried the above iRule could you post the log entry and it may allude as to why the redirect isn't working.

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

i think you had better also check uri.

e.g.

when HTTP_REQUEST {
  if { ![IP::addr [IP::client_addr] equals 10.1.2.0/24] and [HTTP::uri] eq "/" } {
    HTTP::redirect "http://[HTTP::host]/cams"
  }
}
0
Comments on this Answer
Comment made 03-Jan-2018 by ssam 1

No luck. I have tried enabling logging and found the irule is not detecting the ip address.

when HTTP_REQUEST {log local0. "before ip" if { ![IP::addr [IP::client_addr] equals 10.1.2.0/24] and [HTTP::uri] eq "/" } { log local0. "after ip" HTTP::redirect "http://[HTTP::host]/cams" } }

0
Comment made 03-Jan-2018 by ssam 1

I am getting only the "before ip" in the logs. Seems like the if condition is not matching.

0
Comment made 06-Jan-2018 by ssam 1

Any luck or suggestions ?

0
Comment made 06-Jan-2018 by nitass 13357

have you added logging Lee (MrPlastic) suggested? can you post the log?

0
Comment made 10-Jan-2018 by ssam 1

yes I have tried that but no luck

0
Comment made 11-Jan-2018 by Morten Marstrander 250

I tested this in my lab now, and it works fine. My BIG-IP is running version 12.1.2 (Build 1.0.271).

Can you start a tcpdump and verify that the source IP (client side) actually is what you expect it to be?

Regards, Morten

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

iRule provided by Nitass may work. I guess there is a nat device between the client and the F5.

can you try this code to check client IP address (try to access to /myipaddress URL)

when HTTP_REQUEST {
    if { ([HTTP::uri] equals "/myipaddress") } {
        HTTP::respond 200 content "
            <html>
                <head><title>My IP Address</title><meta http-equiv='refresh' content='120' ></head>
            <body>
                <p>Your client IP : <b>[IP::client_addr]</b></p>
            </body>
            </html>
        " noserver
    }
}
0