Forum Discussion
AdamFoot_1451
Nimbostratus
NimbostratusCookie and URI Decisions
Hi all,
Could someone just check this over for me please.The goal is to add some
persistence based on version cookie,so we can direct version specific traffic to specific pools.
In addition we also need to direct traffic for a specific URI out of a different SNAT,so it can be checked by a passive AV proxy.
Requirements are:
1. No cookie , so the request goes to the default pool.
2. Version cookie exists and matches the URI so send out of a different SNAT to the AV gateway pool.
3. There is a version cookie but no matching URI.
I've put together the following which the LTM accepts.In addition to it working,I need to make it as efficient as possible.Is this the best way to do this?
when HTTP_REQUEST {
Set deault pool
set defpool [LB::server pool]
Extract the Cookie
set ID [findstr [HTTP::cookie "CookieX"] "Cookie" 10 ";"]
Extract the URI
set my_uri [string tolower [HTTP::uri]]
Log the values
log local0. "ID is $ID default pool is $defpool"
If no Cookie exists
if {($ID equals "")} {
log local0. "sending user to pool $defpool"
pool $defpool
If there is a cookie and a URI of /AttachmentShare/Upload.aspx
}
elseif {[$my_uri contains "/AttachmentShare/Upload.aspx"] and [ $ID not equals ""] } {
log local0. "URI contains $my_uri sending user to pool pool$ID"
[pool AVpool$ID] and [snatpool SNAT_$ID]
}
else {
If there is a cookie but no URI
pool pool$ID
}
}
Thanks in advance,
Adam
Andy_Herrman_22Looks good to me. The only efficiency things I can think of would be to turn off the logs when you actually deploy this (otherwise you could fill up the logs pretty fast), and use 'starts_with' instead of 'contains' in your findstr call (assuming that path you're looking for is the absolute path. If there could be other path elements before it then 'starts_with' wouldn't work right).
-Andy- AdamFoot_1451Hi ,still working this through. Made it more efficient and removed the cookie checks but I'm now getting a syntax error and can't work out where the problem is.
Error: May 20 12:44:54 tmm tmm[10850]: 01220001:3: TCL error: Rule AF_Attach - invalid command name "" while executing "[snatpool SNAT_10.10.10.10] and [pool AVG1] "
iRule
------
when HTTP_REQUEST {
Extract the URI
set url [HTTP::host][HTTP::uri]
set vip [IP::local_addr]:[TCP::local_port]
set my_uri [string tolower [HTTP::uri]]
log local0.info "URL is $url VIP is $vip URI is $my_uri "
If Attachment URI exists
if {$my_uri contains "/attachmentshare/upload.aspx"}
{
[snatpool SNAT_10.10.10.10] and [pool AVG1]
log local0. "sending user to attachment pool AVG1 SNAT_20.146.203.122"
} else {
log local0.info "sending user to default pool [LB::server pool] "
pool [LB::server pool]
}
log local0.info "URL is $url VIP is $vip URI is $my_uri "
}
Can someone please take a look.
Thanks,
Adam 
hoolioCirrostratus
Hi Adam,
The square braces execute the return value of the pool command. If you remove them from the snatpool and pool commands the syntax error should be resolved.
Also, LB::server pool will return the name of the currently selected pool. If the first request is to the upload page, the currently selected pool will be AVG1. If there is another HTTP request on the same TCP connection, the currently selected pool will still be set to the AVG1 pool. If you save the LB::server pool value at the beginning of the connection it will be the default pool configured on the VIP.
Lastly, it would be more exact to check if the HTTP::path is/ends with "/attachmentshare/upload.aspx". The URI includes the query string (anything the question mark in the URI) whereas the path doesn't.
How about this?when CLIENT_ACCEPTED { Save the name of the default pool of the VIP set default_pool [LB::server pool] } when HTTP_REQUEST { log local0.info "URL is [HTTP::host][HTTP::uri], VIP is [IP::local_addr]:[TCP::local_port] URI is [HTTP::uri]" If Attachment URI exists if {[string tolower [HTTP::path]] ends_with "/attachmentshare/upload.aspx"}{ snatpool SNAT_10.10.10.10 pool AVG1 log local0. "sending user to attachment pool AVG1 SNAT_20.146.203.122" } else { log local0.info "sending user to default pool $default_pool" pool default_pool } }
This is based off of your most recent rule. However, it looks like you removed any logic regarding cookies. Do you not need to account for users who do/don't have a specific cookie?
Aaron- AdamFoot_1451Hi Aaron,
Thanks for the steer.I think I'm there now..
when HTTP_REQUEST {
Extract the Cookie
set ID [findstr [HTTP::cookie "CookieX"] "Cookie" 10 ";"]
Extract the URI
set my_uri [string tolower [HTTP::uri]]
Log the values
log local0.info "ID is $ID default pool is [LB::server pool] URI is $my_uri"
If no Cookie exists
if {($ID equals "")} {
log local0.info "sending user to pool [LB::server pool]"
pool [LB::server pool]
Cookie and attachment URI exist
}
elseif { ($my_uri ends_with "/attachmentshare/upload.aspx") and not ($ID equals "")} {
log local0.info "URI contains $my_uri sending user to pool AVPool$ID"
pool AVG$ID
snatpool SNAT$ID
}
else
{
Cookie but no attachment URI
log local0.info "Cookie found sending user to Pool Pool$ID"
pool Pool$ID
}
}
Logging wil be removed for the live environment.
Thanks,
Adam