Need help combining 2 irules

Question

I'm not much of a scripter but I usually figure it out of I stare at it long enough.  I'm trying to combine the 2 irules below.  I'd like to insert irule 2 at the end of irule 1.  The idea is to allow anyone on the network to hit the specified URIs and be directed to the rec.utt.pool, but to only allow internal users (api.network.list class) to go to the api.utt.pool and either drop or provide an http access denied message to everyone else.  I'd appreciate any help.&nbsp;
&nbsp;Thanks,
&nbsp;Chris&nbsp;
&nbsp;Irule 1&nbsp;
&nbsp;when HTTP_REQUEST {
&nbsp;      switch -glob [string tolower [HTTP::uri]] {
&nbsp;      "/pss-alerts*" -
&nbsp;      "/pss-forms*" -
&nbsp;      "/pss-reports*" - 
&nbsp;      "/pss-messaging*" {
&nbsp;        pool rec.utt.pool
&nbsp;      }       
&nbsp;      default {
&nbsp;        pool api.utt.pool 
&nbsp;      }
&nbsp;   }
&nbsp;}&nbsp;
&nbsp;Irule 2&nbsp;
&nbsp;when CLIENT_ACCEPTED { 
&nbsp;if { [class match [IP::client_addr] equals api.network.list] } { 
&nbsp;pool api.utt.pool
&nbsp;} else {
&nbsp;drop
&nbsp;}&nbsp;&nbsp;

christopher_boo · Answer

I'm now down to 1 error. 
&nbsp;  
&nbsp; error: line 10: [undefined procedure: else] [else]  
&nbsp;  
&nbsp;  
&nbsp; when HTTP_REQUEST { 
&nbsp;       switch -glob [string tolower [HTTP::uri]] { 
&nbsp;       "/pss-alerts*" - 
&nbsp;       "/pss-forms*" - 
&nbsp;       "/pss-reports*" -  
&nbsp;       "/pss-messaging*" { 
&nbsp;         pool rec.utt.pool 
&nbsp;       } elseif { [class match [IP::client_addr] equals api.network.list] } {  
&nbsp; pool api.utt.pool 
&nbsp;       } else { 
&nbsp;       discard 
&nbsp;       } 
&nbsp;    } 
&nbsp; }

nathe · Answer

Christopher, 
&nbsp;  
&nbsp; elseif needs an if so I'd say that was the issue. Try changing elseif to if and you shouldn't need an else either. 
&nbsp;  
&nbsp; Hope this helps. 
&nbsp;  
&nbsp; N

christopher_boo · Answer

Thanks! I tried that and it still gave me an error. I've removed the default bit at the end of the first irule and put an else discard at the end of the second irule. This at least has me functional, though still using 2 irules. &nbsp;
&nbsp;Chris

richard__harlan · Answer

Try the following I changed it up a little 
&nbsp;  
&nbsp; First I check the IP address, if match send to pool and drop out of the iRule. If not match fall through to the switch statement. If there is no match send a reset and move on. 
&nbsp;  
&nbsp; when HTTP_REQUEST { 
&nbsp;     if { [class match [IP::client_addr] equals api.network.list] } { 
&nbsp;           pool api.utt.pool 
&nbsp;           return 
&nbsp;     }  
&nbsp;     switch -glob [string tolower [HTTP::uri]] { 
&nbsp;       "/pss-alerts*" - 
&nbsp;       "/pss-forms*" - 
&nbsp;       "/pss-reports*" - 
&nbsp;       "/pss-messaging*" { 
&nbsp;         pool rec.utt.pool 
&nbsp;       }       
&nbsp;       default { 
&nbsp;         reject 
&nbsp;       } 
&nbsp;    } 
&nbsp; } 
&nbsp;      &nbsp;

christopher_boo · Answer

The problem with this is I want the users on the api.network.list to have access to those URIs for the rec.utt.pool as well.  Thanks for the input! 
&nbsp;  
&nbsp; Chris

Forum Discussion

Need help combining 2 irules

8 Replies

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

Can APM Licenses on Two Separate Boxes Be Combined?

irule

Avoiding Common iRules Security Pitfalls

Simple Sideband - iRule sideband the easy way

GSLB Split DNS by iRule