Forum Discussion
Sonny
Cirrus
CirrusAllowing users to access a VS while it's in maintenance mode
I wanted to get the community input as to what's the best way to go about letting users access a VS when you've have attached an irule which puts it in maintenance mode. Basically, the irule directs ALL users to a maintenance page. One of my collegue had an idea to use the below iRule:
when HTTP_REQUEST { switch -glob [string tolower [HTTP::uri]] { "/release*" { pool pool_name } "/" { pool maintenance } default { pool maintenance } } }
The rule looks like it would work only if you had a "release" directory in the app. Hence, I wanted to get folks input.
Hi,
you can try something like that
when HTTP_REQUEST { if {[URI::query [HTTP::uri] bypassMaintenance] equals "true"} { HTTP::respond 302 Location [HTTP::path] "Set-Cookie" "bypassMaintenance=true;path=/" } elseif {[URI::query [HTTP::uri] bypassMaintenance] equals "false"} { HTTP::respond 302 Location [HTTP::path] "Set-Cookie" "bypassMaintenance=false;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/" } elseif {!([HTTP::cookie value bypassMaintenance] equals "true") } { pool maintenance } }then in the browser, request
all following requests will bypass maintenance pool. this add a cookie to bypass maintenance mode.http://www.company.com/?bypassMaintenance=trueto reactivate maintenance mode for this session, request
. it will remove the cookie.http://www.company.com/?bypassMaintenance=false
Samir_Jha_52506Noctilucent
Please find the below iRule for maintenance page.
Do you want to move all request to maintenance page? Yes
when HTTP_REQUEST { HTTP::respond 200 content { Apology Page We are sorry, but the site you are looking for is temporarily under maintenance. ----------- Please try after sometime or contact your system administator } } }Send request to maintenance page if VIP pool is down.
when LB_FAILED { POOL-NAME is pool which you have attached to VIP if { [active_members POOL-NAME] < 1 } { Log and direct the client to Maintenance Page HTTP::respond 200 content { Apology Page We are sorry, but the site you are looking for is temporarily under maintenance. -- Please try after sometime or contact your system administator } } }iRules Recipe 4: Static Maintenance Page link for Maintenance Page
Jason0_309417Here's what I use to accomplish this:
- An APM policy that prompts for client certificate
- A datagroup that lists users (by cert subject) who are allowed to acces sites down for maintenance
- An iRule that determines if users are are allowed to bypass maintenace mode (based off cert subject)
- An iFile to display a maintenace message page
If users aren't in the bypass datagroup they see an error message generated from the iFile. If you don't use PKI, you could always use client IP, username/password, or something else to identify users.
when ACCESS_ACL_ALLOWED priority 500 { set employee [ACCESS::session data get "session.ssl.cert.subject"] if { [class match $employee equals maint_bypass.dg] } { log local0. "[virtual] maintenance mode bypassed by user: [$employee]" } else { ACCESS::respond 200 content [ifile get Maintenance_Banner.html] "Content-Type" "text/html" } unset employee return } }
Stanislas_Piro2Cumulonimbus
Hi,
you can try something like that
when HTTP_REQUEST { if {[URI::query [HTTP::uri] bypassMaintenance] equals "true"} { HTTP::respond 302 Location [HTTP::path] "Set-Cookie" "bypassMaintenance=true;path=/" } elseif {[URI::query [HTTP::uri] bypassMaintenance] equals "false"} { HTTP::respond 302 Location [HTTP::path] "Set-Cookie" "bypassMaintenance=false;expires=Thu, 01-Jan-1970 00:00:01 GMT;path=/" } elseif {!([HTTP::cookie value bypassMaintenance] equals "true") } { pool maintenance } }then in the browser, request
all following requests will bypass maintenance pool. this add a cookie to bypass maintenance mode.http://www.company.com/?bypassMaintenance=trueto reactivate maintenance mode for this session, request
. it will remove the cookie.http://www.company.com/?bypassMaintenance=false