
iRule trouble - Redirecting IPs not matching data group

I applied an iRule to redirect incoming traffic not matching IPs in a data group (ex. 20.x.x.x) to a default page. However, when I test it via wireless (172.x.x.x), I'm not getting redirected. The iRule's applied to two vservers (they use ports 8000 and 8089); connections are via HTTP. I verified my wireless connection's IP when hitting the vserver via a tcpdump.

This is the iRule...does this look correct? Would there be a better way to do it?

when HTTP_REQUEST {
    if { not ([class match [IP::remote_addr] equals site_restrict]) } {
        HTTP::redirect "https://www.defaultpage.com";
    }
}

Thanks!


Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Use logging in order to log your incoming IP address. This will help you to better verify the incoming source address, as there is a chance that the source IP can get proxied through a different IP address.

If you want to redirect based on incoming IP address, why not use the CLIENT_ACCEPTED event instead of HTTP_REQUEST?

0
Comments on this Answer
Comment made 1 month ago by Alan B. 187

I'll take a look at logging, thanks. When I tried substituting CLIENT_ACCEPTED for HTTP_REQUEST I get back:

01070151:3: Rule [/Common/site_restrict] error: /Common/site_restrict:3: error: [command is not valid in current event context (CLIENT_ACCEPTED)][HTTP::redirect "http://www.defaultpage.com";]

0
Comment made 1 month ago by Vijay 4910

Try the following after inserting relevant log statements:

when HTTP_REQUEST {
    if { not ([class match [IP::client_addr] equals site_restrict]) } {
        HTTP::redirect "https://www.defaultpage.com"
    }
}
0
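
An added example, not code posted by anyone in this thread, that combines the two suggestions above: the data group check and the logging run once per connection in CLIENT_ACCEPTED, and the redirect is issued in HTTP_REQUEST, the context where HTTP::redirect is valid. It assumes site_restrict is an address-type data group; the variable names client_ip and restricted are made up for the example.

```tcl
when CLIENT_ACCEPTED {
    # The source address is known as soon as the TCP connection is
    # accepted, so evaluate the data group once per connection.
    set client_ip [IP::client_addr]
    if { [class match $client_ip equals site_restrict] } {
        set restricted 0
    } else {
        set restricted 1
    }
    # Record the address the BIG-IP actually sees. If an upstream proxy
    # or NAT rewrites the source, this value will differ from the
    # client's own address and the data group lookup follows this value.
    log local0. "[virtual name]: client=$client_ip dport=[TCP::local_port] restricted=$restricted"
}

when HTTP_REQUEST {
    # HTTP::redirect is rejected in CLIENT_ACCEPTED (error 01070151 in
    # the comment above), so act on the stored decision here instead.
    if { $restricted } {
        # X-Forwarded-For is logged for diagnosis only. It is
        # client-controlled and is not used for the access decision.
        log local0. "redirecting $client_ip xff=[HTTP::header value X-Forwarded-For] uri=[HTTP::uri]"
        HTTP::redirect "https://www.defaultpage.com"
        return
    }
}
```

The log lines are written to /var/log/ltm; comparing the logged client value with the data group entries shows whether the lookup is seeing the address you expect.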