iRule to use Data Group


You might have come across a situation where only a limited set of IP addresses needs to be granted access to a web page or web service, and that list needs updating from time to time whenever you provision the web service to new clients. Obviously, such an IP address list shouldn't be written inside an iRule expression; otherwise you end up editing the iRule every time.

That’s where Data Group makes this an easy job for you!

A Data Group is simply a store of related elements such as IP addresses (or strings or integers). You write an iRule that refers to a specific Data Group, then add, edit, or delete entries in that Data Group without touching the iRule at all.

A Data Group is stored as part of the configuration file, so in a high-availability (cluster) environment, Data Group changes are automatically mirrored to peers.

How to configure Data Group in iRule

1. Navigate to Local Traffic > iRules > Data Group List

2. Specify a unique name for the Data Group List and add all the IP addresses.

For an IP subnet, specify the subnet address along with the mask.
For a single IP address, specify the IP address alone.

3. Create an iRule and use the class match command to match the remote IP address (source IP) against the Data Group named IPs. If the IP address matches, direct the request to the pool members; otherwise redirect to a page showing 'unauthorized access'.

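when HTTP_REQUEST {
    # Lower-case the URI so the match is case-insensitive
    set myuri [string tolower [HTTP::uri]]
    if { $myuri contains "jinwebservices" } {
        # Allow only clients whose source IP is in the Data Group named IPs
        if { [class match [IP::remote_addr] equals IPs] } {
            pool iapp_uat_com_7003
        } else {
            HTTP::redirect "http://www.itadminguide.com/restricted"
        }
    }
}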
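To review an allowlist before loading it into the Data Group, the allow decision from step 3 can be modelled offline. The Python below is an added example, not code from the original post or from F5: it treats each record as step 2 describes (a subnet with its mask, or a single address alone), and the sample records and the `min_prefix` review threshold are constructed assumptions.

```python
import ipaddress

# Constructed sample records: subnet with mask, or a single address alone.
SAMPLE_RECORDS = ["10.20.0.0/255.255.255.0", "192.0.2.15",
                  "10.20.0.7", "172.16.0.0/12"]

def parse_record(record):
    """Parse one record; a bare address becomes a single-host network."""
    # strict=True rejects entries such as 10.20.0.7/24 (host bits set).
    return ipaddress.ip_network(record.strip(), strict=True)

def is_allowed(client_ip, records):
    """Model of the allow decision: is client_ip inside any record?"""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in parse_record(r) for r in records)

def audit(records, min_prefix=16):
    """Return (record, reason) pairs a reviewer should question.

    min_prefix is an assumed policy threshold, not an F5 setting.
    """
    nets = [parse_record(r) for r in records]
    findings = []
    for i, net in enumerate(nets):
        if net.prefixlen < min_prefix:
            findings.append((records[i], "broader than /%d" % min_prefix))
        for j, other in enumerate(nets):
            # A record fully inside another one is redundant and hides
            # which entry actually grants the access.
            if i != j and net != other and net.subnet_of(other):
                findings.append((records[i],
                                 "already covered by " + records[j]))
    return findings

if __name__ == "__main__":
    for ip in ("10.20.0.200", "192.0.2.16", "172.31.255.1"):
        print(ip, "pool" if is_allowed(ip, SAMPLE_RECORDS) else "redirect")
    for record, reason in audit(SAMPLE_RECORDS):
        print("review:", record, "-", reason)
```

Run it against the list a client sends you before adding the entries; anything it reports is an entry that grants more access than a single provisioned address.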

This answers my clients who asked me about the capacity of an individual Data Group.

Note – this is an extract from F5 Source

Whether you’re storing 100 or 100,000 entries, queries are roughly the same thanks to the indexed, hashed format of data groups. This makes them far and away the best option for storing large lists of data as well as frequently performed queries that can be represented in a read-only fashion. The bottom line is: If you’re not updating the data in the list, and you’re dealing with more than a handful of items, be it strings, IPs or otherwise, datagroups are likely your best bet.
