iRule to start conditionnaly oneconnect

Question

Is it possible to create an iRule that would match some specific clients source IP address (WAF farm) and apply accordingly a oneConnect profil ?&nbsp;
Idea is to enable connection reuse only for WAF servers (persist on XFF) but not for other basic clients (persist on sourceIP).&nbsp;
a try :&nbsp;
when CLIENT_ACCEPTED { if {[IP::addr [IP::client_addr] equals 10.2.0.0/16]} { onconnect myOneConnect &lt;==== this -of course- does not works :( } }&nbsp;

the_bhattman · Answer

Hi Gilles,
  Have you taken a look at the following post?&nbsp;
https://devcentral.f5.com/questions/oneconnect-with-irule&nbsp;
-=Bhattman=-&nbsp;

gilles_moulin_2 · Answer

Thank you for the reply...
so the idea is to associate a OneConnect profil to the virtual server and disable the connection reuse when client does not match the expected source :when CLIENT_ACCEPTED {
    if { not( [IP::addr [IP::client_addr] equals 10.2.0.0/16] ) } {
        ONECONNECT::reuse disable 
    } 
}

Correct ?

Forum Discussion

iRule to start conditionnaly oneconnect

2 Replies

Recent Discussions

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

Related Content

How OneConnect Profile works with Cookie Persistence

OneConnect? For my iRule?

Lightboard Lessons: OneConnect

What is HTTP Part VII - OneConnect

How OneConnect Profile's max-size works