Single iRule for multiple customers to whitelist blacklist via data group

We have been using a separate whitelist/blacklist for each customer so far, since we used a separate VIP for each customer. But we are now planning to move to a single-VIP configuration to handle traffic for all customers, for which we have an iRule in our test lab that works fine for our requirement.

However, we would also like to have one common iRule for whitelist/blacklist that can handle traffic via a data group, to avoid editing the iRule for every new customer addition. Please suggest syntax for the same.

when HTTP_REQUEST {
    if { ([matchclass [string tolower [HTTP::host][HTTP::uri]] contains "Customer1_Blacklist_URLs"]) and ([matchclass [IP::remote_addr] equals "Customer1_Blacklist_IPs"]) } { HTTP::respond 403 }
}

when HTTP_REQUEST {
    if { ([matchclass [string tolower [HTTP::host][HTTP::uri]] contains "Customer2_Blacklist_URLs"]) and ([matchclass [IP::remote_addr] equals "Customer2_Blacklist_IPs"]) } { HTTP::respond 403 }
}

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

I recommend configuring only one data group, with the customer name in the value.

Then, in the class match command, add the -value parameter to return the value instead of 0/1.

Finally, check if the value equals (or contains) the customer name!

Comments on this Answer
Comment made 09-Mar-2018 by Sabir Alvi 75
set pool [class match -value -- [HTTP::host] contains customer_dg]

Is this what you are suggesting? How do I map it to the different IP lists that I have for different customers? Can you please share the complete iRule syntax if you have shared it before on DevCentral?

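One way to put the accepted answer into a single iRule, as an added example that is not code from the thread or from F5. The data group names (blacklist_urls_dg, blacklist_ips_dg) and their records are hypothetical; the rule keeps the question's logic of blocking only when both the URL and the client IP are blacklisted for the same customer.

```tcl
# Added example. Data groups and records below are constructed for illustration:
#   blacklist_urls_dg (type string)
#       key: lowercase host+URI fragment, value: customer name
#       "customer1.example.com/admin" := "customer1"
#       "customer2.example.com/"      := "customer2"
#   blacklist_ips_dg (type address)
#       key: IP or subnet, value: customer name(s), space separated
#       192.0.2.10      := "customer1"
#       198.51.100.0/24 := "customer1 customer2"
when HTTP_REQUEST {
    # Customer whose URL blacklist entry matches this request (empty string if none)
    set url_customer [class match -value -- [string tolower [HTTP::host][HTTP::uri]] contains blacklist_urls_dg]
    if { $url_customer eq "" } { return }

    # Customers that have blacklisted this client address (empty string if none)
    set ip_customers [class match -value -- [IP::client_addr] equals blacklist_ips_dg]

    # Block only when the same customer owns both the URL entry and the IP entry
    if { [lsearch -exact $ip_customers $url_customer] >= 0 } {
        HTTP::respond 403
    }
}
```

An address can appear only once in an address data group, which is why the value holds a list of customers and the check is "contains" rather than "equals". URL keys should not overlap between customers, because the `contains` lookup returns the value of a single matching record.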