Forum Discussion
DM_5174
Nimbostratus
Nimbostratus-- HELP PUTTING MULTIPLE IRULES TOGETHER
Hi All,
I was wondering if I can get the help of all the i-rule gurus here on this site.
We have 3 i-rules that i would like to put together as one, but for some reason
It is not working when I try to consolidate as one i--rule.
Here is the objective of the irule.
I-rule 1. This will send inbound connection to another server pool if the
URL ends with /APPxx
I-Rule 2. This will use the class data-group to only allow IP address that is defined for inbound connections to the WEBLOGIC pool during maintenance window, all other connections from external clients will need to get sent to the maintenance page "http://www.mainsite.com/maintenance/emergencydown.htm".
I-Rule 3. This is an additional monitor that will verify all members in the WEBLOGIC pool are up. If all the hosts are down, users regardless should get sent to the emergency downpage.
PROBLEM: When I consolidate the 3 i-rules together, I-Rule 1 does not seem to work. I connect, but when try to go to /APPxx, I get a error from the LTM that it can not find this directory. Please help, since rule 1 and 2 is most important and needs to work together.
I-RULE 1 Sends inbound connection to APACHE SVR POOL if URL ends with /APP.."
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::uri]] {
"/APP01*" -
"/APP02*" -
"/APP03*" -
"/APP004*" -
"/APP5*"
{
use pool APACHE-SERVER-POOL
}
default {
use pool WEBLOGIC-SERVER-POOL
}
}
I-RULE 2 Check if client IP is in the datagroup
if {[matchclass [IP::client_addr] equals $::ALLOW-DURING-MAINTENANCE]}{
pool WEBLOGIC-SERVER-POOL
} else {
HTTP::redirect "http://www.mainsite.com/maintenance/sched-maintenance.htm"
}
I-RULE 3 monitor members of pool and if down will send to emergency notification page, will also set the timer to return client to host URL
set stime 10
If the WEBLOGIC POOL is down, redirect to the emergency notification page
if { [active_members WEBLOGIC-SERVER-POOL] < 1 } {
HTTP::redirect "http://www.mainsite.com/maintenance/emergencydown.htm"
}
}
Thank you in advance!
L4L7_53191Can you post your consolidated rule? Also, you can eliminate 3 by defining a fallback host in a custom HTTP profile for your Weblogic VIP.
-Matt
DM_5174Here is the i-rule...For some reason, I get a 404 and it does not look like it is working..
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::uri]] {
"/APP01*" -
"/APP02*" -
"/APP03*" -
"/APP004*" -
"/APP05*"
{
use pool APACHE-SERVER-POOL
}
default {
use pool WEBLOGIC-SERVER-POOL
}
}
if {[matchclass [IP::client_addr] equals $::ALLOW-DURING-MAINTENANCE]}{
pool WEBLOGIC-SERVER-POOL
} else {
HTTP::redirect "http://www.mainsite.com/maintenance/sched-maintenance.htm"
}
set stime 10
If the WEBLOGIC POOL is down, redirect to the emergency notification page
if { [active_members WEBLOGIC-SERVER-POOL] < 1 } {
HTTP::redirect "http://www.mainsite.com/maintenance/emergencydown.htm"
}
}- DM_5174This is what I have so far. It seems to work half way, but for some reason when I add a "/APPxx" after going to
http://www.myportal.com/app01, it does not redirect me to the apache server pool. I get a "404" error from the LTM.
What is working is, when I connect from an IP address listed in the data class, I get a 404 (this is good), and if I am coming from any other IP address not defined in this group, I get the "sched-maintenace.htm" page. This simulate that during our maintenance window, all connecting external users should see the maintenace page, however QA users connecting from one of our subnets defined in the data class group should not see the sched maintenance window. They are sent to the WEBLOGIC pool, and if the servers in this pool is down, they will see the 404, if it is up, they will see the regular login page.
Please help with why I can not use the /APPxx string to get sent to the APACHE pool.
when HTTP_REQUEST {
set stime 10
switch -glob [string tolower [HTTP::uri]] {
"/APP01*" -
"/APP02*" -
"/APP03*" -
"/APP004*" -
"/APP05*"
{
use pool APACHE-SERVER-POOL
}
}
Check if client IP is in the datagroup
if {[matchclass [IP::client_addr] equals $::ALLOW-DURING-MAINTENANCE]}{
pool WEBLOGIC-SERVER-POOL
} else {
HTTP::redirect "http://www.mainsite.com/maintenance/sched-maintenance.htm"
}
} - The_BhattmanHi AH,
The string map is still showing CAPs Use lower case. Also I am assuming that you want the IF statement to be checked first and not process the SWITCH statement. Here is what the code looks likewhen HTTP_REQUEST { Check if client IP is in the datagroup if {[matchclass [IP::client_addr] equals $::ALLOW-DURING-MAINTENANCE]}{ pool WEBLOGIC-SERVER-POOL return } else { HTTP::redirect "http://www.mainsite.com/maintenance/sched-maintenance.htm" return } set stime 10 switch -glob [string tolower [HTTP::uri]] { "/app01*" - "/app02*" - "/app03*" - "/app004*" - "/app05*" { use pool APACHE-SERVER-POOL } } }
I hope this helps
Bhattman - DM_5174Hi Bhattman,
I tried the irule again, the IP address defined in the data group gets routed to the "WEBLOGIC-SERVRE-POOL" and all other client coming from IP addresses other than that gets the maintenace page. The problem still exist where if I come from the source network defined in the data group, when I go to HTTP://www.my-weblogic-server-pool.com/APP01 or /APP02, I get the follow error below. I does not seem I am getting correct sent to the "APACHE-SERVER-POOL" when I specify this in the URI.
THIS ERROR IS PRODUCED WHEN YOU SPEFICY "/app01" etc..
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not Found
Thank you! 
hoolioCirrostratus
The logic in iRule 2 is going to always either send clients to the weblogic pool or redirect them. So if you have that first, you'll never allow anyone to get to the apache pool.
I think you need to clarify which actions you want to take and then try to combine the iRules. Do you want to check the request for the "app..." URIs first and select the apache pool. For non-matching URIs, do you then want to select either the weblogic pool or redirect the client based on client IP address? Also, do you actually want to perform the maintenance check all of the time? Or just during maintenance periods? If only during maintenance periods, it probably doesn't make sense to have the iRules combined.
Aaron- DM_5174Hi Aaron,
Here is an example of our current Production Irule. When users connecting they get the weblogic login page first, however after successfully logging into the portal and clicking on the apps link (i.e. /APP..), they get redirected to the APACHE pool since those contents are hosted on the apache server and not the weblogic or if they enter https://www.my-weblogic-server.com/APP01 "with the /APP.." in the URI, they will get prompted to login first before they are served up the contents off of the APACHE servers.
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::uri]] {
"/APP01*" -
"/APP02" -
"/APP03" -
"/APP04" -
"/APP05*"
{
use pool APACHE-POOL
}
default {
use pool WEBLOGIC-POOL
}
}
}
What we want to accomplish is.
1. Allow only our QA dept to access the portal (it is not down during maintenance) to test. Their source IP is defined in the Data group.
2. send all users with IP address not defined in the datat group/class to the maintenace page so they do not login by mistake.
3. When the QA team login, they should be able to have the same ability to the portal as the i-rule defined above (they are able to get forwarded to the apche pool based on the /app... link they select.
Thank you for your help.
-AH - The_BhattmanHi AH,
Here is the script reworked based on my understand of what you would like to do
How it works is that if anyone NOT matching Datagroup ALLOW-DURING-MAINTENANCE is sent to the maintenance page. All others presumably in the ALLOW-DURING-MAINTENANCE datagroup will be sent to the either the APACHE-SERVER-POOL or WEBLOGIC-POOL based the URI.
Does this sound more like what you wanted?when HTTP_REQUEST { Check if client IP is in the datagroup if {!([matchclass [IP::client_addr] equals $::ALLOW-DURING-MAINTENANCE])}{ HTTP::redirect "http://www.mainsite.com/maintenance/sched-maintenance.htm" } else { set stime 10 switch -glob [string tolower [HTTP::uri]] { "/app01*" - "/app02*" - "/app03*" - "/app004*" - "/app05*" { pool APACHE-SERVER-POOL } default { pool WEBLOGIC-POOL } } } }
Bhattman - DM_5174That did it...YOU ARE THE MAN BHATTMAN!
Thanks again!
