Forum Discussion

atoth's avatar
atoth
Icon for Cirrus rankCirrus
Jan 24, 2014

Client accessing both redirect and default pool in irule.

Working with the below irule. One of our app teams has complained that when the client is trying to access both the redirect and default pools as part of their of application, it fails. So what happens is their establishing a session, which takes them to the redirect pool, which works, but then the app sends them to the default pool, which fails. Any suggestions on what could be modified here?

when HTTP_REQUEST {
set usessl 0
switch -glob [HTTP::path] {
"/foo/bar/" -
"/foo/baa/" { 
snat ~ip address~
set usessl 1
pool redirect-443 }
default {
set usessl 0
pool default-80
} 
} 
}
when SERVER_CONNECTED {
if { $usessl == 0 } {
SSL::disable
}
}
application delivery
design
devops
iRules

7 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Jan 24, 2014

    First thing, you can probably streamline the iRule a little bit:

     

    when HTTP_REQUEST { 
    switch -glob [HTTP::uri] { 
        "/foo/bar/_*" - 
        "/foo/baa/_*" { 
            snat automap
            pool redirect-443 
        } 
        default { 
            SSL::disable serverside
            pool default-80 
        } 
    } 
}

    Second thing is that it now depends on HOW it's failing. For instance, you left out the rest of the snat command in your sample code, so assuming you were pointing to Automap or a specific snat pool. Do you intend to not apply a snat for default pool traffic? What does the redirect look like?

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jan 25, 2014

    So what happens is their establishing a session, which takes them to the redirect pool, which works, but then the app sends them to the default pool, which fails.

     

    does it work if client accesses to only the default pool?

     

  • atoth's avatar
    atoth
    Icon for Cirrus rankCirrus
    Jan 25, 2014

    If the client accesses the redirect, it works fine, and it works fine if the client just accesses the default pool. Its only when the app tries to combine the two where its failing.

     

    • atoth's avatar
      atoth
      Icon for Cirrus rankCirrus
      Jan 27, 2014
      Are you suggesting using the default OneConnect profile? If not, what options should be used with it?
    • atoth's avatar
      atoth
      Icon for Cirrus rankCirrus
      Jan 27, 2014
      Are you suggesting using the default OneConnect profile? If not, what options should be used with it?