Cindy_127211
Oct 27, 2005

Matchclass for 'Address' Data Group Doesn't seem to work

The matchclass statement in the following rule doesn't seem to work. It never appears to match or not match any of the client IP addresses that are sent. What am I doing wrong?

    class internal_net {
        network 10.0.0.0 mask 255.0.0.0
        network 64.57.32.0 mask 255.255.240.0
        network 65.167.38.0 mask 255.255.255.0
        network 127.0.0.0 mask 255.0.0.0
        network 192.168.0.0 mask 255.255.0.0
        network 208.21.56.0 mask 255.255.255.0
        network 216.230.48.0 mask 255.255.240.0
    }

    rule IPRO_NONSSL_PROD {
        when HTTP_REQUEST {
            log local0. "client ip: [IP::client_addr]"
            # Drop /ipro/tpip/ requests from clients outside internal_net
            if { not [matchclass [IP::client_addr] eq $::internal_net] and [HTTP::uri] starts_with "/ipro/tpip/" } {
                log local0. "IP not in internal_net class"
                discard
            } elseif { [HTTP::uri] starts_with "/ipro" } {
                log local0. "IPRO starts with /ipro"
                if { [HTTP::uri] starts_with "/ipro/servlet/acSnoop" } {
                    log local0. "IPRO starts with /ipro/servlet/acSnoop"
                    pool ipro83sbox
                } else {
                    # Any other /ipro request is redirected to HTTPS
                    log local0. "Redirect for ipro"
                    HTTP::redirect https://[HTTP::host][HTTP::uri]
                }
            } else {
                pool ipro83sbox
            }
        }
    }

1 Reply

  • From the user manual:

    findclass

    The findclass command searches a data group list for a member that starts with and returns the data-group member string. This is similar to the matchclass command, except that the member is not required to be equal; instead, the member is only required to start with the string and the command returns the entire member value.

    The syntax of the findclass command is:

    findclass

    HTH
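
An offline model of the access decision the rule in the question is meant to make, added here as an example; it is not part of the original thread and is not F5 code. It assumes an address data group matches when the client address falls inside any network/mask entry and that `not` binds tighter than `and`; `in_internal_net`, `expected_action` and the sample requests are constructed for illustration.

```python
import ipaddress

# Networks copied from the internal_net class in the question.
INTERNAL_NET = [
    ("10.0.0.0", "255.0.0.0"),
    ("64.57.32.0", "255.255.240.0"),
    ("65.167.38.0", "255.255.255.0"),
    ("127.0.0.0", "255.0.0.0"),
    ("192.168.0.0", "255.255.0.0"),
    ("208.21.56.0", "255.255.255.0"),
    ("216.230.48.0", "255.255.240.0"),
]
NETWORKS = [ipaddress.ip_network(f"{net}/{mask}") for net, mask in INTERNAL_NET]


def in_internal_net(client_ip):
    """Assumed semantics: true if the address is inside any network/mask entry."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in NETWORKS)


def expected_action(client_ip, uri):
    """Hypothetical helper: the branch the rule is meant to take for one request."""
    if not in_internal_net(client_ip) and uri.startswith("/ipro/tpip/"):
        return "discard"
    if uri.startswith("/ipro"):
        if uri.startswith("/ipro/servlet/acSnoop"):
            return "pool ipro83sbox"
        return "redirect https"
    return "pool ipro83sbox"


# Constructed requests, including both sides of the 64.57.32.0/255.255.240.0 edge.
SAMPLES = [
    ("10.20.30.40", "/ipro/tpip/report"),
    ("64.57.47.255", "/ipro/tpip/report"),
    ("64.57.48.1", "/ipro/tpip/report"),
    ("203.0.113.9", "/ipro/tpip/report"),
    ("203.0.113.9", "/ipro/servlet/acSnoop"),
    ("203.0.113.9", "/index.html"),
]

if __name__ == "__main__":
    for ip, uri in SAMPLES:
        print(f"{ip:15} {uri:25} -> {expected_action(ip, uri)}")
```

Comparing these results with the rule's `log local0.` lines for the same client addresses shows whether the branch taken on the BIG-IP differs from the intended one.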