Redirect Rule for 'IP Source Address' "is not in list" expression not matching lst

General Rules
1

What is the name of the domain?

example.com

What is the issue you’re encountering

I made an IP list and published into it the IP’s I want to allow, everything else I want to redirect to another site

What steps have you taken to resolve the issue?

tried different expressions
called my CF sales engineer and tried his suggestions
opened a support ticket
writing this topic in community to share results if I get it working

What are the steps to reproduce the issue?

If I remember correctly parenthesis don’t post very well in the community forum so my apologies if this is hard to read

browse to website from a computer in my list of IP’s I want to allow (NOT redirect) and it gets redirected, other IP’s I don’t want to allow are getting redirected as well.

There is no “error” the redirect rule is not parsing the expression correctly

tried:
(http.host contains “something1_example_com” and not ip.src in $admin_allow_list) or (http.host contains “something2_example_com” and not ip.src in $admin_allow_list)

this by itself
(http.host contains “something1_example_com” and not ip.src in $admin_allow_list)

custom expression parenthesis’d a different way
(http.host contains “something1_example_com”) and (not (ip.src in $admin_allow_list))

exclaimation instead of the word not
((http.host contains “something1_example_com”) and !(ip.src in $admin_allow_list))

2

substitute _ for . in the http.host (I was given an error msg that I was limited to number of links I can include in a post)

3

Please put your expressions into Preformatted Text (ctrl+e or the </> icon) . That also bypasses the problem with too many links.

What does currently happen? Does everyone get redirected? No one? Or can’t you save the rule at all?

5

Everyone is getting redirected including the admins who I don’t want to redirect.

Trying to handle this in a redirect rule with a list because my CF sales engineer tells me that IP Access rules are going to be phased out in favor of doing this list method.

6 
(http.host contains “something1.example.com” and not ip.src in $admin_allow_list) or (http.host contains “something2.example.com” and not ip.src in $admin_allow_list)

Cool thank you I’ll try to remember that (pretty new to posting here :smile: )

1 Like
9

It seems there was an issue with newly created lists that has been fixed just now.

Can you try again? Maybe edit and save the rule?

Also, I’d rewrite the rule to this for simplicity:

(http.host contains “something1.example.com” or http.host contains “something2.example.com”) and not ip.src in $admin_allow_list)
1 Like
10

HAHA yep, that was exactly how I had it written for the 4 hosts and Support suggested I split it out because they thought it might be a problem with the OR’s and my SE said instead of using http.host equals I should use contains because equals apparently can be finnicky in his words :wink:

I think you’re right the problem must have only been temporary, and for whatever reason it is still affecting that rule I was editing, a new rule for just one host is working, I’m going to write a new rule for all four hosts and try it again

1 Like
11

hello-it
hello-it1280×719 146 KB

Thanks @Laudian, deleting and re-creating the original rule is working now :smiley_cat:

2 Likes
12

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.