Forum Discussion

Sam10
Aug 21, 2019

client connection persistence using an irule

I am working on an application setup. All the connections to the VS are from a reverse proxy, and the client connections need a persistence session.

The reverse proxy will forward the client IP in the header. I need to use that client IP and set up a persistence session. How can I achieve this?

  • Hi,

    You can use this iRule. Replace the header name with the name the reverse proxy is inserting.

    # Name: persist_xff_uie
    #
    # To be used with UIE Persistence Profile
    #
    # Checks the HTTP request for an 'X-Forwarded-For' header and, if it exists, takes the first
    # 'X-Forwarded-For' IP address and sets it as the persist identifier.
    # If the 'X-Forwarded-For' header does not exist, the client IP address is set as the persist identifier.

    when HTTP_REQUEST {
        if {[HTTP::header X-Forwarded-For] != ""} then {
            persist uie [lindex [split [lindex [HTTP::header values X-Forwarded-For] 0] ","] 0]
        } else {
            persist uie [IP::client_addr]
        }
    }

    Cheers,

    Kees

  • This might give you some ideas.

    The iRule will set a persistence record after the pool member has responded.

    On subsequent requests (when the variable $clientIp exists) it will persist on the record it has added.

    Just be cautious of this method. The client IP could be a NATed IP, so depending on what content you're serving, you could accidentally bleed other user sessions.

    when HTTP_REQUEST {
        if {[info exists clientIp]} {
            persist uie $clientIp
        } elseif {[HTTP::header exists "client-ip"]} {
            set clientIp [HTTP::header value "client-ip"]
        }
    }
     
    when HTTP_RESPONSE {
        if {[info exists clientIp]} {
            persist add uie $clientIp
        }
    }

     (this iRule has only been syntax checked)

  • Can this iRule work when I see the iv-remote-address in the header? I need source IP persistence for that iv-remote-address.

     

    when HTTP_REQUEST {
        if {[info exists clientIp]} {
            persist uie $clientIp
        } elseif {[HTTP::header exists "header iv-remote-address"]} {
            set clientIp [HTTP::header value "header iv-remote-address"]
        }
    }

    when HTTP_RESPONSE {
        if {[info exists clientIp]} {
            persist add uie $clientIp
        }
    }

      Lee_Sutcliffe

      Sorry for late reply, I've been away. Your header name doesn't look right, you can't have whitespace in the header name, I think you mean

      [HTTP::header exists "iv-remote-address"]

      Other than that it should be fine, just try it by replacing "client-ip" in my iRule example with the name of the header you're looking for.

        Sam10

        Applied this to the UIE profile.

        when HTTP_REQUEST {
            if {[HTTP::header exists iv-remote-address]} {
                persist uie [HTTP::header value iv-remote-address]
            }
        }

        when HTTP_RESPONSE {
            if {[HTTP::header exists iv-remote-address]} {
                persist add uie [HTTP::header value iv-remote-address]
            }
        }

         

         

        and trying to apply this to the VS config and running into syntax errors.

         

        when HTTP_REQUEST {
            if { [HTTP::header exists "iv-remote-address"] } {
                log local "iv-remote-address is [HTTP::header value iv-remote-address]
                persist uie [HTTP::header value iv-remote-address] }
                else {
                log local "persist on[IP::client_addr]
                persist uie [IP::client_addr] }
            }

         

         

  • Lee

    I tried with client-ip; it didn't work, as when I look into the packet header I see iv-remote-address or X-Forwarded-For info.

     

    when HTTP_REQUEST {
        if {[HTTP::header exists iv-remote-address]} {
            persist uie [HTTP::header value iv-remote-address]
        }
    }

    when HTTP_RESPONSE {
        if {[HTTP::header exists iv-remote-address]} {
            persist add uie [HTTP::header value iv-remote-address]
        }
    }

     

    When I create a UIE persistence profile, can I use the parent source IP, or does it have to be something different? Also, in the above iRule, if the header does not have the client IP info I need the packet to be dropped. Can I create a separate iRule to validate the header, and apply the persistence iRule to the UIE persistence profile and the above iRule to the VIP itself?
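
One way to do the header validation asked about in the last post, as an added example that is not part of the thread and not any poster's code: the forwarded address is used as the persistence key only when the connection comes from the reverse proxy and the header holds a single well-formed address, and the connection is rejected otherwise. The data group name `trusted_proxies_dg` is hypothetical, and the sketch assumes IPv4 addresses in `iv-remote-address`.

```tcl
# Added example, not code from the thread.
# Assumptions: trusted_proxies_dg is a hypothetical address-type data group
# holding the reverse proxy source addresses; forwarded addresses are IPv4.
when HTTP_REQUEST {
    # The header is only meaningful when the TCP peer is the reverse proxy.
    # Any other sender could put an arbitrary value in it.
    if { ![class match [IP::client_addr] equals trusted_proxies_dg] } {
        log local0. "persist: peer [IP::client_addr] is not a trusted proxy"
        reject
        return
    }

    # Require exactly one instance, so a copy supplied by the client
    # alongside the proxy's own cannot be the one that gets used.
    set values [HTTP::header values "iv-remote-address"]
    if { [llength $values] != 1 } {
        log local0. "persist: expected 1 iv-remote-address header, got [llength $values]"
        reject
        return
    }

    # IP::addr raises an error on input that is not an IP address,
    # so catch returns non-zero for malformed values.
    set fwd_ip [string trim [lindex $values 0]]
    if { [catch { IP::addr $fwd_ip mask 255.255.255.255 }] } {
        # The raw header value is deliberately not written to the log.
        log local0. "persist: malformed iv-remote-address from [IP::client_addr]"
        reject
        return
    }

    # The validated value becomes the persistence key.
    persist uie $fwd_ip
}
```

The NAT caveat raised earlier in the thread still applies: several users behind one address share a persistence record even when the header is validated.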