Forum Discussion

Michel_Lepage_5's avatar
Michel_Lepage_5
Icon for Nimbostratus rankNimbostratus
Sep 06, 2013

irule sequence of events

What is the sequence of events.

For example

Does HTTP_REQUEST happen before or after CLIENT_ACCEPTED

I need to allow access to a specific URI only to 2 specific IP addresses

I have this irule. Do I need to check the URI before or after

when CLIENT_ACCEPTED {

    if { [IP::addr [IP::client_addr] equals 1ST_ADDRESS || [IP::addr [IP::client_addr] equals 2ND_ADDRESS] } {
        log local0.  "Valid client IP: [IP::client_addr] - forwarding traffic"
        forward
    }
    else {
        discard
        log local0. "Invalid client IP: [IP::client_addr] - discarding"
    }

}

Thank you your help

Michel

application delivery
devops
iRules

3 Replies

Sort By
  • Richard__Harlan's avatar
    Richard__Harlan
    Historic F5 Account
    Sep 06, 2013

    The HTTP event happens after the when Client_accepted. Truth is you can check then at the same time in the when HTTP_REQUEST. Something like below.

    when HTTP_REQUEST {
  if { ! [[HTTP::uri] euqals "whatever"] && [class match [IP::client_addr] equals "localusers_dg" ] } {
      drop
  }
}
  • JRahm's avatar
    JRahm
    Icon for Admin rankAdmin
    Sep 06, 2013
    CLIENT_ACCEPTED fires immediately after the TCP handshake happens (for TCP obviously), HTTP_REQUEST fires when each GET/PUT/HEAD/POST/etc occurs, but after CLIENT_ACCEPTED. For things that only need to happen once in a connection (IP/TCP comparisons or logging) it makes sense to do that in CLIENT_ACCEPTED so they aren't evaluated for each http request within a connection. If you need that data for use within the http events, you can always set a variable if the context changes.