L__G_
Sep 28, 2017Altostratus
Irules restrict access to an URI for only several IPs
Hello,
Could you help me with this irule and data-group (LTM : 10.2.3) ?
I want to restrict access to an URI (containing "TEST") for only few IPs. But it doesn't work. I catch the string "TEST" in the URI but i never go (and log) into PERMIT section.
ltm data-group TEST_AllowedAddresses {
partition IN-PARTITION
records {
10.20.30.1%1/32 {
data host1
}
10.30.40.1%1/32 {
data host2
}
10.20.30.2%1/32 {
data host4
}
10.20.40.5%1/32 {
data host3
}
}
type ip
}
when HTTP_REQUEST {
if { [HTTP::uri] contains "TEST" } {
log local0. "[IP::client_addr] URI CONTAINS TEST"
if { [class match [IP::client_addr] equals TEST_AllowedAddresses] } {
log local0. "[IP::client_addr] PERMIT"
pool pool-www.site.com
}
else {
log local0. "[IP::client_addr] REDIRECT"
HTTP::redirect http://www.perdu.com
}
}
else {
log local0. "[IP::client_addr] URI DO NOT CONTAINS TEST"
pool pool-www.site.com
}
}
Here are the logs :
Sep 27 18:09:51 local/tmm1 info tmm1[5093]: Rule TEST-restrict : 10.20.30.1%1 URI CONTAINS TEST
Sep 27 18:09:51 local/tmm1 info tmm1[5093]: Rule TEST-restrict : 10.20.30.1%1 REDIRECT