Forum Discussion

CGI's avatar
CGI
Icon for Altostratus rankAltostratus
Jan 11, 2011

Irule problem

Hi iam trying to combine a couple of functions into one irule, the irule should look at the origin land

 

of the request allowing only countries i a specific data list and then look at the the ip to see if it is trusted

 

ip in the trusted ip data list (which allows access) and then last of all should look at the requested uri and if

 

the uri includes /compass and is from a ip that comes from Denmark it should be sent to a specific pool.

 

My atttempt at this is below, as iam a begineer at this, i have a problem th syntax seems okay but the irule does not seem

 

to work.

 

 

Any help or suggestions greatly appreciated.

 

 

when CLIENT_ACCEPTED {

 

if {([class match [whereis [IP::client_addr] country] eq allowed_country] or [class match [IP::client_addr] eq allowed_ip])} {

 

set allowed 1 }

 

else { set allowed 0

 

log local0. "Blocked Country client IP: [IP::client_addr] from [whereis [IP::client_addr] country]"}}

 

when HTTP_REQUEST {

 

if { ([$allowed eq 1] and [whereis [IP::client_addr] country ] eq "dk" and [[HTTP::uri] contains "/compass/*"])}{

 

pool Compass_http_pool}

 

else {pool OnDemand_htp_pool}}

 

 

 

Regards Craig

 

application delivery
dev
devops
iRules

4 Replies

Sort By
  • CGI's avatar
    CGI
    Icon for Altostratus rankAltostratus
    Jan 12, 2011

    This part works if i remove the log local :-

     

     

    when CLIENT_ACCEPTED {

     

    if {([class match [whereis [IP::client_addr] country] eq allowed_country] or [class match [IP::client_addr] eq allowed_ip])} {

     

    set allowed 1 }

     

    else { set allowed 0

     

    log local0. "Blocked Country client IP: [IP::client_addr] from [whereis [IP::client_addr] country]"}}

     

     

    like:-

     

     

    when CLIENT_ACCEPTED {

     

    if {([class match [whereis [IP::client_addr] country] eq allowed_country] or [class match [IP::client_addr] eq allowed_ip])} {

     

    set allowed 1 }

     

    else { set allowed 0 }}

     

     

    But the bottom part does not work either :-

     

     

     

    when HTTP_REQUEST {

     

    if { ([$allowed eq 1] and [whereis [IP::client_addr] country ] eq "dk" and [[HTTP::uri] contains "/compass/*"])}{

     

    pool Compass_http_pool}

     

    else {pool OnDemand_htp_pool}}

     

     

    So iam cheking the ip´s first against two data lists one that is called allowed ip´s and one thats allowed countries and allowing certain ip´s and

     

    countries through but (and i would like to log the traffik) but then if one of the urls includes /compass/ and is from denmark then it should be sent to

     

    a seperate pool all others to the default pool.

     

     

    Iam afraid iam not so accomplished with the syntax.

     

     

    Regards Craig

     

     

  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Jan 12, 2011
    
when HTTP_REQUEST {
if { $allowed eq 1 and [whereis [IP::client_addr] country ] eq "dk" and [HTTP::uri] contains "/compass/" } {
pool Compass_http_pool 
} else { pool OnDemand_htp_pool }
 }

    See if that compiles/works.
  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Jan 12, 2011
    I haven't looked at the client_accepted statement too much yet, but give this a shot. 

    
when CLIENT_ACCEPTED {
    if { ([class match [whereis [IP::client_addr] country] eq allowed_country] or [class match [IP::client_addr] eq allowed_ip]) } {
          set allowed 1 
   } else { 
 log local0.  "Blocked Country client IP: [IP::client_addr] from [whereis [IP::client_addr] country]"
set allowed 0 }
}