Irule for Uri and Client IP address.

First, if BIG-IP does not have access to the unencrypted traffic (if you are not performing SSL bridging or Proxy SSL in this case - decrypting then re-encrypting the traffic), the iRule will not be able to read the URI of the request.

I'm confused by your requirements. You mention: "But, if client request has different service uri like /abc, then should be ok too."

This seems to indicate you're only interested in the client IP - is that correct? If so - remove the first test in the IF statement (regarding the URI). You could even change the event to something like CLIENT_ACCEPTED if only matching on the client IP.

If you are trying to match both the URI and client IP, are you having issues with the rule? Remember that the path portion of the URI is case-sensitive, so your match condition must be exact ("/eqwebservice" will be case-sensitive). Some will use the tcl function "tolower" to ignore case in the test.

If you can clarify your requirement and any issue you're having that would be helpful.

This will send everything to pool My_443_Pool, unless they use the URI /eqwebservice, then it will check their IP against a datagroup and drop it if it's not a match.

when HTTP_REQUEST {
  set httpUri [HTTP::uri]
  set clientIp [class match -value [IP::client_addr] equals allowed_ip_addresses]
  if { $httpUri starts_with "/eqwebservice" && $clientIp equals "" } {
    drop
  } else {
    pool My_443_Pool
  }
}

Hi,

First of all, thanks for you swift response. Third line in the irule, if it is not match with the related datagroup must be dropped. So that, this line must be written like this, please correct me if i am wrong ;

if { $httpUri starts_with "/eqwebservice" && $clientIp not equals "" }

There is also one thing you should care about it, if the Uri is different from /eqwebservice must be forward to the pool without a problem. For example ;

www.test.com/abc ( this uri must be forward to the pool )

Can your irule do this ?

Best Regards,