Svevak_211593
Feb 25, 2016

whitelist + geoblocking in iRule

Hi,

The problem is I would like to allow some countries and some IPs from not allowed countries to get access.

I'm not quite sure why this won't work:

when CLIENT_ACCEPTED {
        switch[ whereis [IP::client_addr] country ] {
            "DE" { set allowed 1 }
            "AT" { set allowed 1 }
            "CH" { set allowed 1 }
            "LI" { set allowed 1 }
            "LU" { set allowed 1 }
                default { set allowed 0 }
        }
                elseif {
                        if {
                          [matchclass [IP::client_addr] equals datagroup whitelistIP ] } {
                          pool datagroup-whitelistIP
                          }   
        else {
            reject
        }
    }

Can anybody help me?

1 Reply

  • Hi

    You may try the iRule below as a starting point...

    when CLIENT_ACCEPTED {
        if { [class match [IP::client_addr] equals whitelistIP] } then {
            pool insert_your_pool_name
        } else {
            switch -exact -- [whereis [IP::client_addr] country] {
                "DE" -
                "AT" -
                "CH" -
                "LI" -
                "LU" { 
                    pool insert_your_pool_name
                }
                default { 
                    reject
                }
            }
        }
    }
    

    Note: Reordered the [if] and [switch] nestings, optimized the [switch] command and finally changed the [matchclass] (is a deprecated command) to become [class match].

    Cheers, Kai
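
The same whitelist-first ordering, as an added example that is not part of the thread: the allowed countries are moved into a data group and every rejected connection is logged, so the geoblock can be audited and changed without editing the rule. The string data group `allowed_countries` (containing DE, AT, CH, LI, LU) is an assumption; `whitelistIP` and `insert_your_pool_name` are the names used in the thread.

```tcl
when CLIENT_ACCEPTED {
    set client [IP::client_addr]

    # 1. Explicit IP whitelist wins, regardless of where the address geolocates.
    #    whitelistIP is the address-type data group from the thread.
    if { [class match $client equals whitelistIP] } {
        pool insert_your_pool_name
        return
    }

    # 2. Country check against a data group instead of a hard-coded switch.
    #    allowed_countries is a hypothetical string data group holding the
    #    two-letter codes (DE, AT, CH, LI, LU).
    set country [whereis $client country]

    if { $country ne "" && [class match $country equals allowed_countries] } {
        pool insert_your_pool_name
        return
    }

    # 3. Default deny. An empty country value means no geolocation result was
    #    available for the address; it is logged as "unknown" so that such
    #    clients can be reviewed and, if legitimate, added to whitelistIP.
    if { $country eq "" } {
        set country "unknown"
    }
    log local0. "geoblock: rejected $client country=$country"
    reject
}
```

Both paths end in a default deny, so an address that matches neither the whitelist nor an allowed country is rejected and leaves a log line showing the client address and the country it resolved to.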