I'm wondering if the following logic is possible on the ACEs.
First Match is:
class-map type http loadbalance match-any CM7-MatchSrcIP
10 match source-address 192.168.0.0 255.255.0.0
20 match source-address 172.16.0.0 255.255.0.0
class-map type http loadbalance match-any CM7-URLs
10 match http url /testing.*
class-map type http loadbalance match-all CM7-WWW
10 match class-map CM7-MatchSrcIP
20 match class-map CM7-URLs
If the above URL and IP sources are matched, I want to send to a specific SF. (easy enough)
If the URL matches /testing.* but source IP address doesn't match of any of the above subnets, I want to redirect to a 'restricted' page. (ummm)
If the URL is something else (e.g. /temporary.*) with any IP source address, I want it to be load-balanced by a different SF (say like in a class-default)
Thx in adv
Sure you can try this on the ACE, you already created most of the configuration so now just need to apply the maps under the first-match policy.
According to your description this is how this policy should look like:
policy-map type loadbalance first-match SLB_LOGIC
- ACE checks for testing plus IP address matching.
- If user belongs to any other subnet then SF restricted is used.
- If none of the above statements is matched then defaul class map and SF is used.