For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

wick54's avatar
wick54
Icon for Nimbostratus rankNimbostratus
Sep 25, 2019

Block URIs and forward traffic 2 pools on same VIP

Hi Team,

 

We currently have a requirement for single VIP to host 2 URLs and also check URI and only allow 4 specific URIs.

I currently have it as 2 different VIPs with 2 pool and have an irule attached to it block URIs as below which is working as expected to allow specifc URIs

 

when HTTP_REQUEST {

               switch -glob [HTTP::uri]]  

                              "/abc*" -

                              "/bcd*" -

                              "/efg*" -

                              "/cvy" -

                              {

 

                              }

                              default

                              {

                                             drop

                              }

                           }

                }

 

I have prepared another irule which can be used to pass the traffic specific pool depending on the hostname.

 

when HTTP_REQUEST {

 

set hostname [string tolower [HTTP::host]]

  switch $hostname {

    "abc.com" {

      pool abc_pool

    }

    default {

       do nothing use the pool for VIP

    }

  }

}

 

Can I combine these irules to achieve which i wanted or would it be easier to use ltm policy?

application delivery
iRules
LTM

1 Reply

  • Enes_Afsin_Al's avatar
    Enes_Afsin_Al
    Icon for MVP rankMVP
    Sep 26, 2019

    Hi wick54,

    Can you try this iRule?

    when HTTP_REQUEST {
	switch -glob [string tolower [HTTP::uri]] {
		"/abc*" -
		"/bcd*" -
		"/efg*" -
		"/cvy*" {
			switch -glob [string tolower [HTTP::host]] {
				"abc.com" { pool abc_pool }
				"xyz.com" { pool xyz_pool }
				default {
					# do nothing use the pool for VIP
					# or drop
				}
			}
		}
		default { drop }
	}
}