Forum Discussion

Sonny's avatar
Sonny
Icon for Cirrus rankCirrus
Jun 28, 2017

Allowing users to access a VS while it's in maintenance mode

I wanted to get the community input as to what's the best way to go about letting users access a VS when you've have attached an irule which puts it in maintenance mode. Basically, the irule directs ALL users to a maintenance page. One of my collegue had an idea to use the below iRule:

 

when HTTP_REQUEST { switch -glob [string tolower [HTTP::uri]] { "/release*" { pool pool_name } "/" { pool maintenance } default { pool maintenance } } }

 

The rule looks like it would work only if you had a "release" directory in the app. Hence, I wanted to get folks input.

 

application delivery
LTM
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Jun 28, 2017

    Hi,

    you can try something like that

    when HTTP_REQUEST {
    if {[URI::query [HTTP::uri] bypassMaintenance] equals "true"} {
        HTTP::respond 302 Location [HTTP::path] "Set-Cookie" "bypassMaintenance=true;path=/"
    } elseif {[URI::query [HTTP::uri] bypassMaintenance] equals "false"} {
        HTTP::respond 302 Location [HTTP::path] "Set-Cookie" "bypassMaintenance=false;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/"
    } elseif {!([HTTP::cookie value bypassMaintenance] equals "true") } {
        pool maintenance
    }
}

    then in the browser, request 

    http://www.company.com/?bypassMaintenance=true
    all following requests will bypass maintenance pool. this add a cookie to bypass maintenance mode.

    to reactivate maintenance mode for this session, request 

    http://www.company.com/?bypassMaintenance=false
    . it will remove the cookie.

  • Samir_Jha_52506's avatar
    Samir_Jha_52506
    Icon for Noctilucent rankNoctilucent
    Jun 28, 2017

    Please find the below iRule for maintenance page.

    Do you want to move all request to maintenance page? Yes

            when HTTP_REQUEST { 
        HTTP::respond 200 content {
            
             
        Apology Page
     
     
        We are sorry, but the site you are looking for is temporarily under maintenance.
        ----------- 
        Please try after sometime or contact your system administator 
     
  
        }
    }
}

    Send request to maintenance page if VIP pool is down.

        when LB_FAILED {
          POOL-NAME is pool which you have attached to VIP
        if { [active_members POOL-NAME] < 1 } {
         Log and direct the client to Maintenance Page
        HTTP::respond 200 content {
        
        
        Apology Page
         
        
             We are sorry, but the site you are looking for is temporarily under maintenance.
        --
        Please try after sometime or contact your system administator 
         
     
            }
         }
    }

    iRules Recipe 4: Static Maintenance Page link for Maintenance Page

  • Jason0_309417's avatar
    Jason0_309417
    Icon for Cirrus rankCirrus
    Jun 28, 2017

    Here's what I use to accomplish this:

    1. An APM policy that prompts for client certificate
    2. A datagroup that lists users (by cert subject) who are allowed to acces sites down for maintenance
    3. An iRule that determines if users are are allowed to bypass maintenace mode (based off cert subject)
    4. An iFile to display a maintenace message page

    If users aren't in the bypass datagroup they see an error message generated from the iFile. If you don't use PKI, you could always use client IP, username/password, or something else to identify users.

    when ACCESS_ACL_ALLOWED priority 500 {
      set employee [ACCESS::session data get "session.ssl.cert.subject"] 
      if { [class match $employee equals maint_bypass.dg] } {
            log local0. "[virtual] maintenance mode bypassed by user: [$employee]"
         } else {
            ACCESS::respond 200 content [ifile get Maintenance_Banner.html] "Content-Type" "text/html"
         }  
   unset employee
   return
    }
}
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Jun 28, 2017

    Hi,

    you can try something like that

    when HTTP_REQUEST {
    if {[URI::query [HTTP::uri] bypassMaintenance] equals "true"} {
        HTTP::respond 302 Location [HTTP::path] "Set-Cookie" "bypassMaintenance=true;path=/"
    } elseif {[URI::query [HTTP::uri] bypassMaintenance] equals "false"} {
        HTTP::respond 302 Location [HTTP::path] "Set-Cookie" "bypassMaintenance=false;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/"
    } elseif {!([HTTP::cookie value bypassMaintenance] equals "true") } {
        pool maintenance
    }
}

    then in the browser, request 

    http://www.company.com/?bypassMaintenance=true
    all following requests will bypass maintenance pool. this add a cookie to bypass maintenance mode.

    to reactivate maintenance mode for this session, request 

    http://www.company.com/?bypassMaintenance=false
    . it will remove the cookie.