Forum Discussion
ant77
Cirrostratus
Jan 25, 2022
Check code for ordering of events and accuracy
Hi Everyone, Can someone please check the code below to ensure we are doing the correct things for accuracy... Objective: Since all internal users egress out via a FW and through a CDN and back ...
JRahm
Admin
Jan 25, 2022
I'd probably rewrite the rule to look something like this (make sure to test, no guarantees):
```
when HTTP_REQUEST priority 500 {
    # First non-empty token from the X-Forwarded-For header value(s)
    set CHECK_IP [lindex [lsearch -all -inline -not -exact [split [HTTP::header values X-Forwarded-For] "\{\} ,"] {}] 0]

    # Redirects for internal users on the tracker URIs, handled before pool selection
    switch -glob -- [HTTP::uri] {
        "*/app1/abc/portal/Tracker*" -
        "*/app2/cde/Tracker*" -
        "*/app3/wps/portal/CaseTracker*" {
            if { ([class match -- $CHECK_IP eq DG-INTERNAL-USERS-XFF]) } {
                if { [HTTP::uri] contains "/app2/Tracker" } {
                    HTTP::redirect "https://[HTTP::host]/new-app2/Tracker"
                    return
                } else {
                    HTTP::redirect "https://[HTTP::host]/app1/old/portal/Tracker/"
                    return
                }
            }
        }
    }

    log local0. "the X-Forwarded-For header value is $CHECK_IP"

    # Non-internal clients: reject listed URIs, otherwise use the external pool
    if { !([class match -- $CHECK_IP eq DG-INTERNAL-USERS-XFF]) } {
        if { [class match -- [HTTP::uri] eq DG-URI-LIST] } {
            reject
            return
        }
        pool EXTERNAL-POOL
    } else {
        pool INTERNAL-POOL
    }
}
```
Some notes:
- I like to explicitly return after a redirect; there's no need for the iRule to continue processing
- I added "--" to the class and switch commands to terminate option processing
- I moved the redirects up top since that isn't furthering the connections toward your pool resources
You understand your app, so make sure this makes sense and test, test, test (and not in production.)
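To exercise the ordering in the rule above off-box before it goes near a BIG-IP, the following added example (not part of the original post and not F5 code) models its decisions in Python. The data-group contents, host name and sample requests are constructed assumptions; only the data-group names, URI patterns, redirect paths and pool names come from the thread.

```python
import re
from fnmatch import fnmatchcase
from ipaddress import ip_address, ip_network

# Constructed stand-ins for the rule's data groups (contents are assumptions).
DG_INTERNAL_USERS_XFF = [ip_network("10.0.0.0/8")]
DG_URI_LIST = {"/admin/console"}
TRACKER_GLOBS = ("*/app1/abc/portal/Tracker*", "*/app2/cde/Tracker*",
                 "*/app3/wps/portal/CaseTracker*")

def check_ip(xff_values):
    """Mirror the split/lsearch/lindex chain: first non-empty XFF token, or ''."""
    tokens = [t for v in xff_values for t in re.split(r"[{} ,]", v) if t]
    return tokens[0] if tokens else ""

def is_internal(ip):
    """Model of `class match -- $CHECK_IP eq DG-INTERNAL-USERS-XFF`."""
    try:
        addr = ip_address(ip)
    except ValueError:  # assumption: an empty or malformed value never matches
        return False
    return any(addr in net for net in DG_INTERNAL_USERS_XFF)

def decide(uri, xff_values, host="www.example.com"):
    """Return (action, target) in the same order the rule evaluates."""
    internal = is_internal(check_ip(xff_values))
    if internal and any(fnmatchcase(uri, g) for g in TRACKER_GLOBS):
        if "/app2/Tracker" in uri:
            return ("redirect", f"https://{host}/new-app2/Tracker")
        return ("redirect", f"https://{host}/app1/old/portal/Tracker/")
    if not internal:
        if uri in DG_URI_LIST:
            return ("reject", None)
        return ("pool", "EXTERNAL-POOL")
    return ("pool", "INTERNAL-POOL")

# Constructed requests: (URI, list of X-Forwarded-For header values).
CASES = [
    ("/app1/abc/portal/Tracker/view", ["10.1.2.3"]),
    ("/app2/cde/Tracker", ["10.1.2.3"]),         # no "/app2/Tracker" substring here
    ("/index.html", ["10.1.2.3, 203.0.113.9"]),  # first entry decides
    ("/index.html", ["203.0.113.9"]),
    ("/admin/console", ["203.0.113.9"]),
    ("/admin/console", []),                      # header absent: treated as external
]

if __name__ == "__main__":
    for uri, xff in CASES:
        print(f"{uri!r:34} XFF={xff!r:28} -> {decide(uri, xff)}")
```

Because every branch keys off the first X-Forwarded-For entry, the result is only as trustworthy as the hop that sets that header, so confirm the CDN overwrites it rather than appending to a client-supplied value.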
ant77
Cirrostratus
Jan 25, 2022
Thank you Jason! Your version is a much cleaner and better way of doing it... Thanks again!