Forum Discussion
Anand_128528
Nimbostratus
NimbostratusCombine Client accepted and http_request.
I have an requirement to forward a source IP to particular pool member. Since I already have http_request configured is it a good idea to add client_accepted into the same irule ?
when HTTP_REQUEST {
if { [HTTP::host] == "my fqdn" } { HTTP::redirect "https://myfqdn/irj/portal/" pool pool_t_portal }
if { [HTTP::uri] equals "/" or [HTTP::uri] equals "/index.html" or [HTTP::uri] equals "/webdynpro/welcome/Welcome.jsp" } { HTTP::redirect "https://[HTTP::host]/irj/portal/" } if { [HTTP::uri] starts_with "/~" and [HTTP::uri] ends_with "index.html"} { HTTP::redirect "https://[HTTP::host]/irj/portal/" } if { [HTTP::uri] starts_with "/uddiclient" or [HTTP::uri] equals "/uddiclient/process"} { HTTP::redirect "https://[HTTP::host]/irj/portal/" } if { [HTTP::uri] equals "/nwa" } { HTTP::redirect "https://[HTTP::host]/irj/portal/" }
}
when CLIENT_ACCEPTED { if {[IP::addr [IP::client_addr] equals "src.src.src.src"]}{ pool "pool_q_portal" member dst.dst.dst.dst}
}
Vitaliy_SavransNacreous
In you irule client_accepted must be before http_request because. Client_accepted event (for TCP connections) happens when the three-way handshake successfully completes and http_request follows after it.
Anand_128528Hi Savranskiy I did that earlier and none of the connections were successful so I split http_request and client_accepted into two different irules. So now my query is which comes first If I intend to add both irules. So your answer is put client_accepted first. Let me try this today.
- Vitaliy_Savrans
Here you can find irule references.
- nitass
Employee
i think you may have to disable HTTP_REQUEST event or skip HTTP_REQUEST event if traffic matches condition in CLIENT_ACCEPTED event.
iRules: Disabling Event Processing by Deb Allen
https://devcentral.f5.com/articles/irules-disabling-event-processing.UvI3CLSjZQI - Anand_128528
We have 70K users and I want to filter one of the user to land in one nominated pool member rest of users can be assigned by RoundRobin. In such cases what would be the best rule ?
- Kevin_Stewart
Two things:
-
The order of the events in the iRule is not important. The compiler will reorganize and optimize the code as required.
-
Because IP data is available to all events after TCP, you can skip the CLIENT_ACCEPTED event altogether and perform your IP::client_addr check directly inside the HTTP_REQUEST event. You'll obviously need to reorganize your conditional logic to accommodate, but it should ultimately make you iRule simpler.
-
- Anand_128528
Hello Kevin
Then can I do it as below , Sorry I am new to F5. when HTTP_REQUEST {
if { [IP::addr [IP::client_addr] equals src.src.src.src] } { pool my_pool member dst.dst.dst.dst }
if { [HTTP::host] == "fqdn" } { HTTP::redirect "https://fqdn/irj/portal/" pool pool_t_portal }
if { [HTTP::uri] equals "/" or [HTTP::uri] equals "/index.html" or [HTTP::uri] equals "/webdynpro/welcome/Welcome.jsp" } { HTTP::redirect "https://[HTTP::host]/irj/portal/" } if { [HTTP::uri] starts_with "/~" and [HTTP::uri] ends_with "index.html"} { HTTP::redirect "https://[HTTP::host]/irj/portal/" } if { [HTTP::uri] starts_with "/uddiclient" or [HTTP::uri] equals "/uddiclient/process"} { HTTP::redirect "https://[HTTP::host]/irj/portal/" } if { [HTTP::uri] equals "/nwa" } { HTTP::redirect "https://[HTTP::host]/irj/portal/" }
}
- Kevin_Stewart
Try this:
when HTTP_REQUEST { if { [IP::addr [IP::client_addr] equals src.src.src.src] } { pool my_pool member dst.dst.dst.dst } elseif { [string tolower [HTTP::host]] == "fqdn" } { HTTP::redirect "https://fqdn/irj/portal/" pool pool_t_portal } elseif { ( [HTTP::uri] equals "/" ) or ( [string tolower [HTTP::uri]] equals "/index.html" ) or ( [string tolower [HTTP::uri]] equals "/webdynpro/welcome/welcome.jsp" ) } { HTTP::redirect "https://[HTTP::host]/irj/portal/" } elseif { ( [HTTP::uri] starts_with "/~" ) and ( [string tolower [HTTP::uri]] ends_with "index.html" ) } { HTTP::redirect "https://[HTTP::host]/irj/portal/" } elseif { ( [string tolower [HTTP::uri]] starts_with "/uddiclient" ) or ( [string tolower [HTTP::uri]] equals "/uddiclient/process" ) } { HTTP::redirect "https://[HTTP::host]/irj/portal/" } elseif { [string tolower [HTTP::uri]] equals "/nwa" } { HTTP::redirect "https://[HTTP::host]/irj/portal/" } }
