Corey_Smith_174
Jul 31, 2007

Changing destination pool/port based on initial message on encrypted streams

On a plaintext stream it is possible to select a pool/member/port by using a method similar to:

when CLIENT_ACCEPTED {
    # Start collecting client payload before a pool is chosen
    TCP::collect 1
}

when CLIENT_DATA {
    if { [regexp {SOMETAG=(.+)} [TCP::payload] match source] } {
        if { $source == "BLAH" } {
            pool mypool
        } else {
            pool myotherpool
        }
    }
    # Release the collected data so the connection can proceed
    TCP::release
}

This same code will not work on a virtual server with a client SSL profile because TCP::payload will be encrypted.

One idea would be to try to use STREAM to do something similar:

when CLIENT_ACCEPTED {
    STREAM::enable
    STREAM::expression {@SOMETAG=.*@}
}

when STREAM_MATCHED {
    if { [regexp {SOMETAG=(.+)} [STREAM::match] match source] } {
        if { $source == "BLAH" } {
            pool mypool
        } else {
            pool myotherpool
        }
    }
}

Unfortunately the only time STREAM_MATCHED will fire is if the socket is already connected to a pool member. LB_SELECTED *always* fires before STREAM_MATCHED. If you try to select a pool in STREAM_MATCHED you get the error:

TCL error: Rule YOURRULE - Address in use (line 1) invoked from within "pool mypool"

Any ideas on how I can get this to work?
  • Colin_Walker_12
    Historic F5 Account
    I think the first code snippet looks fine except for the length of 1 on your TCP::collect command. You'd need to collect more than one byte to match a string like that.

    Colin
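
One way to make the pool decision on the decrypted bytes, shown as an added example that is not part of the original posts: collect at the SSL layer once the client SSL handshake completes, inspect SSL::payload, and release only after a pool has been chosen. The pool names and SOMETAG/BLAH are the thread's placeholders; the 1024-byte cap, the newline terminator for the tag value and the choice of fallback pool are assumptions.

```tcl
# Added example, not code from the thread. Requires a client SSL profile
# on the virtual server so that SSL::payload holds decrypted client data.
when CLIENTSSL_HANDSHAKE {
    # Assumption: the tag always arrives within the first 1024 bytes.
    set max_collect 1024
    # Hold decrypted data before any pool member is selected.
    SSL::collect
}

when CLIENTSSL_DATA {
    # Assumption: the tag value ends at a newline. Requiring the terminator
    # avoids matching a value that is only partly received.
    if { [regexp {SOMETAG=([^\r\n]+)\r?\n} [SSL::payload] match source] } {
        if { $source eq "BLAH" } {
            pool mypool
        } else {
            pool myotherpool
        }
        # Decision made: pass the buffered data on.
        SSL::release
    } elseif { [SSL::payload length] >= $max_collect } {
        # Bound the buffering so a client that never sends the tag cannot
        # hold memory indefinitely; fall back to a default pool.
        pool myotherpool
        SSL::release
    } else {
        # Tag not complete yet: keep collecting.
        SSL::collect
    }
}
```

Because the pool is chosen before any data is released, load balancing has not yet happened when the pool command runs.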