Abed_AL-R
Mar 22, 2021
Cirrostratus
replacing irule with policy
Hello guys
I'm trying to replace this iRule with policy:
    when CLIENT_ACCEPTED {
        # Default to blocked; allow only if the client's GeoIP country is in
        # country_list or its address is in internal_addresses
        set allowed 0
        if { [class match -- [whereis [IP::client_addr] country] equals country_list] or
             [class match [IP::client_addr] equals internal_addresses] } {
            set allowed 1
        }
    }
    when HTTP_REQUEST {
        if { $allowed } {
            #log local0. "Valid client IP: [whereis [IP::client_addr] country]"
        } else {
            # Client matched neither data group: answer with a 403
            HTTP::respond 403 content {Country Not Allowed}
            #log local0. "Blocked client IP: [IP::client_addr] [whereis [IP::client_addr] country]"
        }
    }
I already have a policy with an implicit rule to forward all traffic to ASM.
So I'm trying to add a rule above it to reset all traffic that does not match those two datagroups:
country_list
internal_addresses
But as you can see, when using "is not", the "in datagroup" option is disabled and cannot be checked.
This only happens in the "Geo. IP" condition.
I have 13.1.3.4, by the way.
What can be done to solve this?