URI access for all for 4 URIs and rest of the URIs based on IP whitelisting

Can you clean up the presentation of the code a bit? It's really hard to read as-posted. The 'pre-formatted code' button in the editor window may help keep the indentation correct.

 

One issue I do see is that you use the 'string tolower' function to convert HTTP::host to lower-case, but your test text includes upper-case characters. Your 'if' tests on HTTP::host will never match. Are your 'if' and 'elseif' trying to match on the same text?

 

Hi,

If you pasting iRule please use Preformatted Code button - without it's really hard to check iRule logic.

If I am not wrong your rule looks like that:

 

when HTTP_REQUEST {
    if { [string tolower [HTTP::host]] equals "ABC.com" } {
         Check if requested URI matches for access to all
        switch -glob [HTTP::uri] {
            "/6110.aspx" -
            "/9018.aspx" -
            "/9044.aspx" -
            "/3001.aspx" {
                pool ABC_TEST_V
            }
        }
    } elseif { [string tolower [HTTP::host]] equals "ABC.com" } {
        if { [class match [IP::client_addr] equals ABC_all] } {
             Process the traffic for all IPs for URL ABC.com pool ABC_TEST_V
        } else {
             Drop the connection
            drop
        }
    }
}
when HTTP_RESPONSE {
    foreach mycookie [HTTP::cookie names] {
        HTTP::cookie secure $mycookie enable
    }
}

 

I am not sure if it's just typo when masking real data in iRule but this part dont not make sense:

 

if { [string tolower [HTTP::host]] equals "ABC.com" }

- you are trying to compare all lower letters to mix of upper and lower - no match possible at all.

 

Now second thing that is not making sense:

 

} elseif { [string tolower [HTTP::host]] equals "ABC.com" }

- second time the same comparision as in if - if you will have match in if for exact same

[string tolower [HTTP::host]] equals "ABC.com"

why again in elseif?

 

Small one but -glob When matching string to the patterns, use glob-style matching - but your are not using patterns so -glob not needed (it makes iRule a bit slower).

You have no default in switch so I assume you have default pool assigned to VS - when there is no match in switch traffic is send to this default pool, when there is match to pool ABC_TEST_V - is that as intended?

Without clarification hard to say where problem is. But form me your checks are never met so all traffic is going to default pool or to nowhere is it's not configured.

Piotr

 

when HTTP_REQUEST {
    if { [string tolower [HTTP::host]] equals "abc.com" } {
         Check if requested URI matches for access to all
        switch -glob [HTTP::uri] {
            "/6110.aspx" -
            "/9018.aspx" -
            "/9044.aspx" -
            "/3001.aspx" {
                pool ABC_TEST_V
            }
        }
    } elseif { [string tolower [HTTP::host]] equals "abc.com" } {
        if { [class match [IP::client_addr] equals ABC_all] } {
             Process the traffic for all IPs for URL abc.com pool ABC_TEST_V
        } else {
             Drop the connection
            drop
        }
    }
}

when HTTP_RESPONSE {
    foreach mycookie [HTTP::cookie names] {
        HTTP::cookie secure $mycookie enable
    }
}

 

Are your 'if' and 'elseif' trying to match on the same text? The hostname is in small case, yes the hostname is same for if and elseif statement. I am match 4 URIs if they match I send to the pool else I have to check the IP whitelisted->yes->then goto to pool