Forum Discussion
Dylan_McCurry_1
Nimbostratus
NimbostratusAsynchronously hit an external web service from an iRule?
I'm trying to create an irule which captures traffic to various URLs. What I need to do is have the irule issue an async'd HTTP request to a web service I've created on every HTTP 200 response that flows through my BigIP. This will allow me to effectively audit the pages my users navigate to.
I was looking at HTTP::retry but I don't think that will solve the problem. How do I issue a request (and ignore the response) from an iRule without interrupting the current traffic? Should I attempt to do this in separate threads?
An iRule SideBand connection could solve your problem, if I understand your request properly: https://devcentral.f5.com/wiki/irules.SIDEBAND.ashx
There are other good examples of side band on DevCentral as well.
Dylan_McCurry_1I'm going to give this a try!
- Kevin_Stewart
Employee
If I may add, just be advised that making a sideband call on each request, for each user, may 1) create latency, 2) drive CPU a bit higher than you'd want it, and 3) require the extra effort of creating the sideband content itself. If, however, you absolutely wanted to do a sideband call and you don't care about a response, you could just use the connect and send commands, and set timeout and idle values for each to some very low numbers.
- nitass
It turns out my BigIP is on version 10. Is there a better way to do this without using a sideband?
what about using hsl?
HTTP Request Cloning via iRules, Part 1 by Colin Walker
https://devcentral.f5.com/articles/http-request-cloning-via-irules-part-1.U3n9wihhdQI - Kevin_Stewart
Any chance you can reconsider the web service approach and maybe do something like a syslog server or a transparent IDS-like service? You can very easily dump as much or as little as you want into a syslog message. If either side of the proxy is decrypted (non-SSL), then you could use a clone pool to basically mirror all traffic flowing across that interface (for that VIP) to a remote device. In either case you wouldn't get a response, so you wouldn't have to ignore one.
