Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

How to Content Match by Source IP

If you wish to content match based on an IP address or IP ranges and send traffic to particular servers or SubVSs, please follow the steps below in the LoadMaster Web User Interface (WUI):

  1. In the main menu, select Rules & Checking and Content Rules.
  2. Click Create New.
  3. Enter a recognizable Rule Name, for example match_Src.
  4. Select Content Matching as the Rule Type.
  5. Select Regular Expression as the Match Type.
  6. Enter src-ip in the Header Field.
  7. Enter the text to be matched in the Match String text box.
  8. Fill out any other fields as needed.
  9. Click Create Rule.
  10. Repeat the steps to perform more matches.
  11. In the main menu, select Virtual Services and View/Modify Services.
  12. Click Modify on the relevant Virtual Service.
  13. Expand the Advanced Properties section.
  14. Enable Content Switching.
  15. Expand the Real Servers section.
  16. Click None on the relevant Real Server.
  17. Add match_Src.
  18. Repeat the steps to add any more content rules as needed.

The above example will only match one specific IP address. You can also use regular expressions to match ranges.

Below is an example of a regular expression to match ranges:

This example will match IP addresses in the range 192.168.0.0 to 192.168.255.254

/^192.168.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[0-9][0-9]?).(25[0-4]|2[0-4][0-9]|1[0-9]{2}|[1-9][0-9]?)$/

The above Regex string would be entered in the Match String field in the Create Rule screen.

Th


Was this article helpful?
1 out of 2 found this helpful

Comments

Avatar

Permanently deleted user

http://www.analyticsmarket.com/freetools/ipregex
"This tool takes a range of IP addresses and generates a single regular expression that matches all IP addresses in the range"

0

Avatar

itadmin.canada

What if the real server goes down? The traffic from the IP the matches that rule is forwarded for the next available real server?

0

Avatar

Permanently deleted user

No, it is not sent to the next available server.

If you have a rule that specifies certain IP(s) to a real server, and the real server is down, then the whatever is configured in the 'Not Available Redirection Handling' will be invoked.

you cant try creating a VS, with subvs.

Assign the rule to a subvs, and have multiple RS's inside the subvs.

0

Avatar

user user

we had to add a Regex string our system (7.2.59.2.22338.RELEASE) but it does not work :( only one IP address working

0

Avatar

Muhammad Saad

Kindly assist, what shingle IP address I'm writing in the match string. Still the server is accessible and if I select fail on match as well, then server is not accessible from any IP address.
Please assist and guide if I'm doing anything wrong

0

Avatar

Bill DeCastro

Muhammad,

This is expected behavior. Applying the rule to the real server without Fail On Match disabled will allow content to connect to that real server. With Fail On Match enabled, content should not be sent to that server. The reason content is not sent to the server from any IP address is that the IP of other devices have not been matched to allow connectivity to that server.

Please let us know if this clarifies.

0

Avatar

Muhammad Saad

Fine Sir, thank you
Now I am trying to test the range of IP addresses as well but its not working.
Can you guide me on that please

0