Manual Chapter : Common elements file for iRules

Applies To:

BIG-IP ASM

  • 14.0.0

  1. Locate the relevant sample iRule contained in an online version of this document and copy the iRule text.
  2. On the Main tab, click Local Traffic > iRules.
    The iRule List screen opens, displaying any existing iRules.
  3. Click Create.
    The New iRule screen opens.
  4. In the Name field, type a name, such as my_irule.
    The full path name of the iRule cannot exceed 255 characters.
  5. In the Name field, type a unique name for the iRule.
    The full path name of the iRule cannot exceed 255 characters.
  6. In the Definition field, type the syntax for the iRule using Tool Command Language (Tcl) syntax.
    For complete and detailed information about iRules syntax, see the F5 Networks DevCentral web site (http://devcentral.f5.com).
  7. In the Definition field, paste the iRule text that you copied in the previous step.
  8. Within the iRule text, edit the values of the static variables that define the high-speed logging pool, the host name, and the string data group, to match your specific configuration.
  9. Within the iRule text, edit the value of the static variable dcfw_vdg to match the name of the string data group for your specific configuration.
  10. Click Finished.
    The new iRule appears in the list of iRules on the system.
  11. On the Main tab, click Local Traffic > iRules > iFile List.
  12. On the Main tab, click Local Traffic > iRules > iFile List.
  13. In the Name column, view the list of iFiles that you previously created on the BIG-IP system.
  14. Click Create.
  15. In the Name field, type a new name for the iFile, such as ifileURL.
  16. From the File Name list, select the name of the imported file object, such as 1k.html.
  17. Click Finished.
    The new iFile appears in the list of iFiles.
  18. On the Main tab, click Local Traffic > iRules > Data Group List.
    The Data Group List screen opens, displaying a list of data groups on the system.
  19. Click Create.
    The New Data Group screen opens.
  20. In the Name field, type a unique name for the data group.
    You must use this exact name for the data group. Otherwise, the iRule that you assign to the virtual server for implementing access control will not process successfully.
  21. From the Type list, select Address.
  22. Using the Address Records setting, add each IP address that you want to include in the data group:
    1. For the Type setting, select Host or Network.
    2. In the Address field, type an IP address.
    3. If the address type is Network, type a network mask in the Mask field.
    4. In the Value field, type none.
    5. Click Add.
    6. Repeat these steps for each IP address you want to include in the data group.
  23. Using the Address Records setting, add each IP address that you want to include in the data group:
    1. In the Address field, type the IP address in CIDR format.
      The supported format is address/prefix, where the prefix length is in bits. For example, an IPv4 address/prefix is 10.0.0.1 or 10.0.0.0/24, and an IPv6 address/prefix is ffe1::0020/64 or 2001:ed8:77b5:2:10:10:100:42/64. When you use an IPv4 address without specifying a prefix, the BIG-IP system automatically uses a /32 prefix.
    2. In the Value field, type none.
    3. Click Add.
    4. Repeat these steps for each IP address you want to include in the data group.
  24. In the Name field, type a unique name for the data group.
  25. In the Name field, type a unique name for the data group.
    An example of a data group name is cluster_snatpool_dg.
  26. From the Type list, select String.
  27. From the Type list, select Integer.
  28. Using the String Records setting, create entries consisting of a virtual server name and a data group name:
    1. In the String field, type the name of the virtual server (using lowercase characters only) for which you want to implement access control using data groups and an iRule.
      An example of a virtual server entry is /common/fwtest-bigip1.
    2. In the Value field, type the name of the relevant address data group.
    3. Click Add.
    4. Repeat these steps for each virtual server you want to include in this data group.
      Each specified virtual server can represent the same destination IP address as the other virtual servers, but must have a unique port name or port number.
  29. Using the Integer Records setting, create tag mapping entries consisting of an integer (client tag) and a value (server tag):
    1. In the Integer field, type a value to be used for a specific client.
    2. In the Value field, type a value that is substituted on the server.
    3. Click Add.
      The new mapping between the integer and corresponding value appears in the list of Integer Records.
  30. Using the String Records setting, create entries consisting of a BIG-IP device name and a SNAT pool name:
    1. In the String field, type the fully-qualified domain name of a BIG-IP system in the device group (using lowercase characters only).
      An example of an entry is bigip_1.ecmp.test.com.
    2. In the Value field, type the name of a SNAT pool.
    3. Click Add.
    4. Repeat these steps for each BIG-IP device and SNAT pool that you want to include in this data group.
    The result should look similar to this:
      bigip_1.ecmp.test.com := snat-pool-1
      bigip_2.ecmp.test.com := snat-pool-2
      bigip_2.ecmp.test.com := snat-pool-2
  31. Click the Import button.
  32. Click Finished.
    The new data group appears in the list of data groups.
When you later assign the access control iRule to the specified virtual server, the virtual server allows traffic from the IP addresses listed in the dg-dcf-shownetworks data group.
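
The following iRule is an added example, not the sample iRule from the F5 documentation (which is not reproduced on this page). It shows how the string data group named in dcfw_vdg and the address data groups from the steps above are consulted at connection time, and it drops the connection when a mapping or data group is missing instead of allowing it. The data group name dg-dcf-vservers and the log messages are assumptions chosen for illustration.

```tcl
when RULE_INIT {
    # Name of the string data group that maps each virtual server to an
    # address data group. Assumed value: edit to match your configuration.
    set static::dcfw_vdg "dg-dcf-vservers"
}

when CLIENT_ACCEPTED {
    # String records are keyed by the virtual server name in lowercase,
    # for example /common/fwtest-bigip1.
    set vs [string tolower [virtual name]]

    # A misspelled or missing string data group must not open access.
    if { ![class exists $static::dcfw_vdg] } {
        log local0.warning "dcfw: string data group $static::dcfw_vdg not found"
        drop
        return
    }

    # The record value is the name of the address data group for this
    # virtual server; an empty result means no record was found.
    set addr_dg [class lookup $vs $static::dcfw_vdg]
    if { $addr_dg eq "" || ![class exists $addr_dg] } {
        log local0.warning "dcfw: no usable address data group for $vs"
        drop
        return
    }

    # Allow only clients that match a host or network record in the
    # address data group; everything else is dropped and logged.
    if { ![class match -- [IP::client_addr] equals $addr_dg] } {
        log local0.info "dcfw: denied [IP::client_addr] on $vs"
        drop
        return
    }
}
```

Because the lookup key is lowercased before the comparison, a string record typed with uppercase characters never matches, and the virtual server denies all traffic.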