Forum Discussion
jeff_mccombs_47
Nimbostratus
Nimbostratus"chaining" iRules?
Hey peeps.
I'm trying to figure out a way to chain rules together, but I'm not quite understanding how best to go about it.
What I'd like to be able to do is set up a re-usable set of rules that all sites we host get. So for example, I could have a rule that inspects the HTTP method type and drops requests for TRACE/TRACK/PROFIND etc. Another for working with Universal persistence, maybe some debug rules that could be added to log relevant information when troubleshooting, etc.
It would seem, that because you can add multiple rules to a VS, that this should be possible? Is this possible?
If so, is the order in which the rules are run based on which order they are applied to a VS? How do you code such a thing, can you have multiple "when HTTP_REQUEST{}" blocks?
Am I totally crazy for even suggesting this?
4 Replies
- You aren't crazy at all. Check out my tech tip on Events that describes how to use the "priority" command to control the processing order of like events.
http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=165
Click here
-Joe 
jeff_mccombs_47Posted By Joe on 04/09/2009 12:41 PM
You aren't crazy at all. Check out my tech tip on Events that describes how to use the "priority" command to control the processing order of like events.http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=165
Click here
-Joe
EXACTLY what I was looking for. Thank you!
1gw_60162I just read the iRules 101 - 11 Events explanation and am excited about writing more modular iRules. What I am confused about though is how variables work across iRules within a virtual server. What I would like to accomplish is a set of generic rules which may be used in multiple VS's, plus one unique iRule for each VS that initializes the variables for that specific VS... so each VS's resources would look something like...
VS1 Resources:
vs1_config_irule
generic_http_https_redirect_irule
generic_authentication_irule
generic_cookie_persistence_irule
etc.
VS2 Resources:
vs2_config_irule
generic_http_https_redirect_irule
generic_authentication_irule
generic_cookie_persistence_irule
etc.
... and each VS's customization would not interfere with the others' nor require the generic iRules to be customized. Each generic iRule would get it's config from the config iRule assigned to the VS. I think this should be possible, but am confused about the scope of local and global variables, as well as which event block the variable initialization should be located (if in RULE_INIT then I assume it would affect all VS's, not just the one's the iRule is assigned to).- hoolio
Cirrostratus
That's a good plan for configuring generic rules with a per-VIP iRule.
Global variables are accessible across all virtual servers and all connections. Local variables are accessible in just the individual TCP (for a TCP-based VIP) connection.
As you found, any variable set in RULE_INIT is implicitly created as a global variable. So you would need to define the local variables (specific to one TCP connection) in an event after RULE_INIT, like CLIENT_ACCEPTED or HTTP_REQUEST.
Aaron
