Sabir_Alvi
Mar 07, 2018

Whitelist Blacklist iRule using data group for multiple clients

We are testing a single VIP configuration in our test lab, where a single public IP will be assigned to multiple clients, using an iRule with a data group.

The iRule looks like this:

when HTTP_REQUEST {
    set pool [class match -value -- [HTTP::host] equals test_url]
    if {$pool ne ""} {
        pool $pool
    }
}

test_url is a data group which has strings mapped to the appropriate pools of each client.

For example, the string client1.com is mapped to pool client1.net.

The string client2.com is mapped to pool client2.net.

Now the issue is we want to include a whitelist/blacklist for these clients in the same iRule if possible, or even a separate iRule would be OK. Could someone suggest the syntax for whitelisting/blacklisting based on a client string and remote IP pair in a data group?

For example, if the string has client1 and matches dg_whitelist_1, allow.

If the string has client2 and matches dg_whitelist_2, allow.

If the string has client3 and matches dg_blacklist_1, deny.

There are also clients with no whitelist/blacklist, so it should work just fine for them within the same iRule.
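
One way to express the per-client allow/deny behaviour asked about above, as an added example that is not part of the original post. It assumes a second, hypothetical string data group named client_acl that maps each host to a mode and an address-type data group; hosts with no entry in client_acl are not filtered.

```tcl
# Added example. Assumed (hypothetical) string data group client_acl:
#   "client1.com" := "allow dg_whitelist_1"
#   "client2.com" := "allow dg_whitelist_2"
#   "client3.com" := "deny dg_blacklist_1"
# dg_whitelist_* / dg_blacklist_* are address-type data groups.
when HTTP_REQUEST {
    # Normalise the Host header: lower-case it and drop any :port suffix,
    # so "Client1.com:443" and "client1.com" hit the same entries.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # Per-client ACL lookup; hosts without an entry skip the check.
    set acl [class match -value -- $host equals client_acl]
    if { $acl ne "" } {
        set mode [lindex $acl 0]
        set dg   [lindex $acl 1]

        if { ![class exists $dg] } {
            # Misconfigured entry: fail closed instead of skipping the ACL.
            log local0. "ACL data group $dg missing for $host"
            reject
            return
        }

        # True when the client address falls inside the address data group.
        set listed [class match -- [IP::client_addr] equals $dg]

        # allow-mode: drop anything not listed; deny-mode: drop anything listed.
        if { ($mode eq "allow" && !$listed) || ($mode eq "deny" && $listed) } {
            log local0. "Denied [IP::client_addr] for $host ($mode $dg)"
            reject
            return
        }
    }

    # Pool selection as in the original iRule, using the normalised host.
    set pool [class match -value -- $host equals test_url]
    if { $pool ne "" } {
        pool $pool
    }
}
```

The ACL check runs before pool selection so a denied client never reaches a pool member, and the source address used is the one the BIG-IP sees, so clients arriving through an upstream proxy or NAT are evaluated by that device's address.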