Forum Discussion

Sonny's avatar
Sonny
Icon for Cirrus rankCirrus
Jun 28, 2017

Allowing users to access a VS while it's in maintenance mode

I wanted to get the community input as to what's the best way to go about letting users access a VS when you've have attached an irule which puts it in maintenance mode. Basically, the irule directs ALL users to a maintenance page. One of my collegue had an idea to use the below iRule:

 

when HTTP_REQUEST { switch -glob [string tolower [HTTP::uri]] { "/release*" { pool pool_name } "/" { pool maintenance } default { pool maintenance } } }

 

The rule looks like it would work only if you had a "release" directory in the app. Hence, I wanted to get folks input.

 

  • Hi,

    you can try something like that

    when HTTP_REQUEST {
        if {[URI::query [HTTP::uri] bypassMaintenance] equals "true"} {
            HTTP::respond 302 Location [HTTP::path] "Set-Cookie" "bypassMaintenance=true;path=/"
        } elseif {[URI::query [HTTP::uri] bypassMaintenance] equals "false"} {
            HTTP::respond 302 Location [HTTP::path] "Set-Cookie" "bypassMaintenance=false;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/"
        } elseif {!([HTTP::cookie value bypassMaintenance] equals "true") } {
            pool maintenance
        }
    }
    

    then in the browser, request

    http://www.company.com/?bypassMaintenance=true
    all following requests will bypass maintenance pool. this add a cookie to bypass maintenance mode.

    to reactivate maintenance mode for this session, request

    http://www.company.com/?bypassMaintenance=false
    . it will remove the cookie.

  • Please find the below iRule for maintenance page.

    Do you want to move all request to maintenance page? Yes

            when HTTP_REQUEST { 
            HTTP::respond 200 content {
                
                 
            Apology Page
         
         
            We are sorry, but the site you are looking for is temporarily under maintenance.
            ----------- 
            Please try after sometime or contact your system administator 
         
      
            }
        }
    }
    

    Send request to maintenance page if VIP pool is down.

        when LB_FAILED {
              POOL-NAME is pool which you have attached to VIP
            if { [active_members POOL-NAME] < 1 } {
             Log and direct the client to Maintenance Page
            HTTP::respond 200 content {
            
            
            Apology Page
             
            
                 We are sorry, but the site you are looking for is temporarily under maintenance.
            --
            Please try after sometime or contact your system administator 
             
         
                }
             }
        }
    

    iRules Recipe 4: Static Maintenance Page link for Maintenance Page

  • Here's what I use to accomplish this:

    1. An APM policy that prompts for client certificate
    2. A datagroup that lists users (by cert subject) who are allowed to acces sites down for maintenance
    3. An iRule that determines if users are are allowed to bypass maintenace mode (based off cert subject)
    4. An iFile to display a maintenace message page

    If users aren't in the bypass datagroup they see an error message generated from the iFile. If you don't use PKI, you could always use client IP, username/password, or something else to identify users.

    when ACCESS_ACL_ALLOWED priority 500 {
          set employee [ACCESS::session data get "session.ssl.cert.subject"] 
          if { [class match $employee equals maint_bypass.dg] } {
                log local0. "[virtual] maintenance mode bypassed by user: [$employee]"
             } else {
                ACCESS::respond 200 content [ifile get Maintenance_Banner.html] "Content-Type" "text/html"
             }  
       unset employee
       return
        }
    }
    
  • Hi,

    you can try something like that

    when HTTP_REQUEST {
        if {[URI::query [HTTP::uri] bypassMaintenance] equals "true"} {
            HTTP::respond 302 Location [HTTP::path] "Set-Cookie" "bypassMaintenance=true;path=/"
        } elseif {[URI::query [HTTP::uri] bypassMaintenance] equals "false"} {
            HTTP::respond 302 Location [HTTP::path] "Set-Cookie" "bypassMaintenance=false;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/"
        } elseif {!([HTTP::cookie value bypassMaintenance] equals "true") } {
            pool maintenance
        }
    }
    

    then in the browser, request

    http://www.company.com/?bypassMaintenance=true
    all following requests will bypass maintenance pool. this add a cookie to bypass maintenance mode.

    to reactivate maintenance mode for this session, request

    http://www.company.com/?bypassMaintenance=false
    . it will remove the cookie.