
Parveez_70209
Aug 27, 2013

Assist in Writing the below script with using Data Group String Class

    when CLIENT_ACCEPTED {
        # Remember the virtual server's default pool and log the client address
        set default_pool [LB::server pool]
        log local0. "Default pool [LB::server pool] set"
        log local0. "Client IP is [IP::remote_addr]"
    }

    when HTTP_REQUEST {
        set http_uri [string tolower [HTTP::uri]]
        log local0. "requested [HTTP::uri]"
        if { $http_uri equals "/" } {
            # Root request: redirect to the portal home page
            HTTP::redirect "https://apbuild.leni2.com/SEUILibrary/controller/e/web/LenovoPortal/en_US/catalog.workflow:test-home"
            pool pool_apbuild.leni2.com_https
            log local0. "redirected from /"
            return
        } elseif { $http_uri starts_with "/iss_static" } {
            log local0. "matched /iss_static"
            pool pool_confarmct.leni2.com_http
            log local0. "pool_confarmct.leni2.com_http defined, [LB::server pool] selected"
            return
        } elseif { $http_uri starts_with "/" } {
            log local0. "URI starts with /"
            set http_uri_temp [string tolower [HTTP::uri]]
            scan $http_uri_temp {%[^?]:%s} http_uri http_param
            # Static object types go to the HTTP pool, selected by file extension
            switch -glob $http_uri {
                "*.css" { pool pool_confarmct.leni2.com_http; log local0. "css object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.htc" { pool pool_confarmct.leni2.com_http; log local0. "htc object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.gif" { pool pool_confarmct.leni2.com_http; log local0. "gif object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.jpg" { pool pool_confarmct.leni2.com_http; log local0. "jpg object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.tif" { pool pool_confarmct.leni2.com_http; log local0. "tif object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.png" { pool pool_confarmct.leni2.com_http; log local0. "png object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.bmp" { pool pool_confarmct.leni2.com_http; log local0. "bmp object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.ico" { pool pool_confarmct.leni2.com_http; log local0. "ico object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.htm" { pool pool_confarmct.leni2.com_http; log local0. "htm object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.avi" { pool pool_confarmct.leni2.com_http; log local0. "avi object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.mp3" { pool pool_confarmct.leni2.com_http; log local0. "mp3 object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.wav" { pool pool_confarmct.leni2.com_http; log local0. "wav object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.mpg" { pool pool_confarmct.leni2.com_http; log local0. "mpg object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.swf" { pool pool_confarmct.leni2.com_http; log local0. "swf object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.fla" { pool pool_confarmct.leni2.com_http; log local0. "fla object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.flv" { pool pool_confarmct.leni2.com_http; log local0. "flv object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.pdf" { pool pool_confarmct.leni2.com_http; log local0. "pdf object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.psd" { pool pool_confarmct.leni2.com_http; log local0. "psd object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.zip" { pool pool_confarmct.leni2.com_http; log local0. "zip object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.rar" { pool pool_confarmct.leni2.com_http; log local0. "rar object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.jar" { pool pool_confarmct.leni2.com_http; log local0. "jar object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.js" { pool pool_confarmct.leni2.com_http; log local0. "js object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.xml" { pool pool_confarmct.leni2.com_http; log local0. "xml object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.shtml" { pool pool_confarmct.leni2.com_http; log local0. "shtml object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.as" { pool pool_confarmct.leni2.com_http; log local0. "as object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.bik" { pool pool_confarmct.leni2.com_http; log local0. "bik object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.ppt" { pool pool_confarmct.leni2.com_http; log local0. "ppt object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.doc" { pool pool_confarmct.leni2.com_http; log local0. "doc object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.txt" { pool pool_confarmct.leni2.com_http; log local0. "txt object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.exe" { pool pool_confarmct.leni2.com_http; log local0. "exe object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.eot" { pool pool_confarmct.leni2.com_http; log local0. "eot object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.woff" { pool pool_confarmct.leni2.com_http; log local0. "woff object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.ttf" { pool pool_confarmct.leni2.com_http; log local0. "ttf object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                "*.svg" { pool pool_confarmct.leni2.com_http; log local0. "svg object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" }
                default {
                    pool pool_apbuild.leni2.com_https
                    log local0. "no object match. Pool pool_ctbuild_test_http, [LB::server pool] selected"
                }
            }
        } else {
            log local0. "no match for rev. close connection"
            HTTP::close
        }
    }

10 Replies

  • Perhaps something like this:

    when CLIENT_ACCEPTED { 
        set default_pool [LB::server pool] 
        log local0. "Default pool [LB::server pool] set" 
        log local0. "Client IP is [IP::remote_addr]" 
    }
    when HTTP_REQUEST { 
        set http_uri [string tolower [HTTP::uri]] 
        log local0. "requested [HTTP::uri]" 
        if {$http_uri equals "/" } { 
            HTTP::redirect "https://apbuild.leni2.com/SEUILibrary/controller/e/web/LenovoPortal/en_US/catalog.workflow:test-home" 
            pool pool_confarmct.leni2.com_http 
            log local0. "redirected from /"
            return
        } elseif { $http_uri starts_with "/iss_static" } {
            log local0. "matched /iss_static"
            pool pool_confarmct.leni2.com_http
            log local0. "pool_confarmct.leni2.com_http defined, [LB::server pool] selected" 
            return
        } elseif { [class match [string tolower [HTTP::path]] ends_with my_file_ending_dg] } {
            pool pool_confarmct.leni2.com_http 
            log local0. "[class match -name [string tolower [HTTP::path]] ends_with my_file_ending_dg] - object $http_uri pool_confarmct.leni2.com_http defined [LB::server pool] selected" 
        } else {
            log local0. "no match for rev. close connection"
            HTTP::close
        }
    }
    

    Where "my_file_ending_dg" is a string-based data group. Example:

    ".css" := ""
    ".doc" := ""
    ".txt" := ""
    ".svg" := ""
    ".avi" := ""
    ...
    
  • Hi Kevin,

     

    So, along with that, I need to create the below, right?

     

    To create a string data group: my_file_ending_dg:

     

    1. On the Main tab of the navigation pane, expand Local Traffic, and click iRules. The iRules screen opens.
    2. On the menu bar, click Data Group List.
    3. In the upper right corner of the screen, click Create.
    4. In the Name box, type a unique name for the data group, such as my_file_ending_dg.
    5. In the Type box, select String. The screen expands to show the string-specific settings.
    6. In the String box, type the first string for the data group.
    7. Click Add. The entry appears in the String Records box.
    8. Repeat steps 6 and 7 until you have entered all strings.
    9. Click Finished.

     

    To add below list into my_file_ending_dg:

     

    .css .htc .gif .jpg .tif .png .bmp .ico .htm .avi .mp3 .wav .mpg .swf .fla .flv .pdf .psd .zip .rar .jar .js .xml .shtml .as .bik .ppt .doc .txt .exe .eot .woff .ttf .svg
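
An added example, not part of the thread: plain Tcl (runnable in tclsh, off the BIG-IP) that emulates the `class match ... ends_with` lookup from the reply above and shows why it is applied to the lowercased path rather than the full URI. The proc names, the shortened record list and the sample URIs are constructed for illustration; "static" stands for pool_confarmct.leni2.com_http.

```tcl
# Constructed stand-in for a few records of the string data group my_file_ending_dg.
set my_file_ending_dg {.css .htc .gif .jpg .png .js .svg}

# Emulates [class match $value ends_with <data group>]:
# returns 1 if value ends with any record, else 0.
proc dg_ends_with {value records} {
    foreach rec $records {
        set start [expr {[string length $value] - [string length $rec]}]
        if {$start >= 0 && [string range $value $start end] eq $rec} {
            return 1
        }
    }
    return 0
}

# Returns the part of the URI before the first "?", which is what HTTP::path holds.
proc uri_path {uri} {
    set q [string first "?" $uri]
    if {$q < 0} { return $uri }
    return [string range $uri 0 [expr {$q - 1}]]
}

# Routing decision keyed on the lowercased path only, as in the suggested iRule.
proc choose_pool {uri records} {
    set path [string tolower [uri_path $uri]]
    if {[dg_ends_with $path $records]} { return "static" }
    return "no-match"
}

# Constructed sample requests: mixed case, a versioned asset, and a
# dynamic page whose query string happens to end in a listed extension.
foreach uri {
    /iss/css/Site.CSS
    /img/logo.png?v=3
    /catalog.workflow?img=logo.png
} {
    set on_uri [dg_ends_with [string tolower $uri] $my_file_ending_dg]
    puts [format "%-32s path-based: %-9s full-URI match: %d" \
        $uri [choose_pool $uri $my_file_ending_dg] $on_uri]
}
```

Matching on the full URI would miss `/img/logo.png?v=3` and would send `/catalog.workflow?img=logo.png` to the static pool, which is why the lookup is keyed on the path.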

     

  • Hi Kevin,

     

    The above rules are not working well with HTTPS requests; upon giving the password authentication, it is not going anywhere.

     

  • Are you offloading SSL at the BIG-IP - do you have a client SSL profile assigned to the virtual server?

     

  • So just to clarify, you do NOT have a client SSL profile applied to the VIP? If that's the case, then this iRule (or any layer 7 protocol iRule) will not work. You need to be able to see the unencrypted data to be able to work with it.

     

  • OK Kevin, so is this the reason that HTTP is working well, but not HTTPS? So for HTTPS, if we enable only the client SSL profile, is that going to be good?

    Thanks and Regards, Parveez

     

  • Well it depends. You're currently passing SSL all the way through, so your servers are listening on SSL. If you want to keep it that way then you also need to apply a server SSL profile to the VIP. I would only add that the appliances have a pretty powerful SSL offloading capacity, so if you don't absolutely need SSL at the backend server, you're likely to see a performance improvement if you don't re-encrypt to the backend server.