Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Answers

Small iRule help

Small iRule help

Hi guys,

I want to send a HTTP response based on the client source IP address, it is just for a test, but the iRule validation fails. I prefer to keep it simple, I know I can add the switch clause, but for now I dont want to overcomplicate it.

Here it is:

when HTTP_REQUEST { log local0. "Client ([IP::client_addr]) is requesting: [HTTP::uri]" if { ([IP::addr [IP::client_addr]/24 equals 64.122.88.0 ]) or ([IP::addr [IP::client_addr]/24 equals 180.10.134.140.0 ]) } { log local0. "Default condition" HTTP::respond 200 content "Forbidden Redirect From Remote Server<BODY>This is the mock up for testing" } }

Something must be wrong, getting a syntax error.

0
Rate this Question
Comments on this Question
Comment made 2 months ago by tatmotiv 1011

It would be helpful if you had used the formatting options in order to display the irule in readable form(not as a one-line string).

Also, the content of the syntax error would be helpful.

0
Comment made 2 months ago by Livius 161

This is the code I am using but not validating the client source IP addresses still:

Code
`</pre>

when HTTP_REQUEST {
    log local0. "Client ([IP::client_addr]) is requesting: [HTTP::uri]"
    if { ([IP::addr [IP::client_addr]/24 equals 54.179.88.0 ]) or ([IP::addr[IP::client_addr]/24 equals 17.34.134.140.0  ]) or ([IP:addr[IP::client_addr]/24 equals 219.45.252.0  ])  } 

            {
           log local0. "Default condition"
            HTTP::respond 200 content  "<title>Forbidden Redirect From Remote Server</title>&lt;BODY&gt;This is the mock up for  testing" 
        }

}
0

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

180.10.134.140.0 is not a valid IP address. Correct this, and your iRule should work. For example:

when HTTP_REQUEST { 
    log local0. "Client ([IP::client_addr]) is requesting: [HTTP::uri]" 
    if { ([IP::addr [IP::client_addr]/24 equals 64.122.88.0 ]) or ([IP::addr [IP::client_addr]/24 equals 180.10.134.0 ]) } { 
        log local0. "Default condition" 
        HTTP::respond 200 content "<BODY>This is the mock up for testing" 
    } 
}
1
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Please use below iRule and assigned to virtual server. when CLIENT_ACCEPTED { if { [IP::addr [IP::client_addr] equals 10.1.1.1/32] or [IP::addr [IP::client_addr] equals 10.1.1.2/32]} { if { [TCP::local_port] == 22 } { pool pool-1 } else { reject } } else { reject } }

Port 22 is just an example.

0
Comments on this Answer
Comment made 2 months ago by Livius 161

I changed the IP address on purpose, but the original iRule contains the 32 bit IP addresses. That is not the problem...

0
placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi,

you can try this, it will be more easy to manage your client IP... As you can noticed you can add additional client IP in multivalue var or delete (it will allow you to don't touch condition, just add or delete client IP)....

when HTTP_REQUEST {

set uri [string tolower [HTTP::uri]]
set host [string tolower [HTTP::host]]

array set client_ip {
    clientip1 "64.122.88.0/8"
    clientip2 "180.10.134.140.0/12"
}

foreach ip [array names client_ip] {
    if { [IP::addr [IP::client_addr] equals $client_ip($ip)] } {
        log local0. "client ip: [IP::client_addr] - client grp matching: $client_ip($ip) - url: $host$uri"
        HTTP::respond 200 content "what's you want to display" 
    }
}

}
0