For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

engineer_88_203's avatar
engineer_88_203
Icon for Nimbostratus rankNimbostratus
Oct 05, 2015

Cookie Persistence by URI Question

Hi,

I have multiple (custom) applications being served through one virtual server with a relatively simple iRule that sets the destination pool based upon the URI (e.g. site.com/uri1 or site.com/uri2). What I have been told by the developers is that their application does not function very well with cookie persistence enabled and they would like for us to disable cookie persistence for one specific application (or one specific URI for how we handle this) in the VS. I am currently using the default cookie persistence profile in LTM to enable persistence.

That said, I would like to do something like the following iRule (abbreviated from its original) and have the cookie disabled in the iRule instead of creating two (or more) virtual servers. To simplify, I have two nodes in two pools and both pools are web-front ends. The reality is I have about 5 application pools with their own URI set up in this iRule (but abbreviated because they basically do the same thing but point to different pools).

when HTTP_REQUEST { set dest_pool "" set use_ssl 1 switch -glob [HTTP::uri] { "/app1*" { set dest_pool app1_pool set use_ssl 1 set app_url_rewrite 1 }

  "/app2*"
  {
     persist none
     set dest_pool app2_pool
     set use_ssl 1
     set app_url_rewrite 1
  }

Assuming I use a round robin Load Balancing Method, I tested connecting to app2, but the statistics on the pool make it look like it's still going to the same node in the app2 pool regardless of how I set the load balancing method with the cookie persist profile on the VS. Only by destroying the cookie manually or closing out my browser window can I go to the other member because it is set again by the F5.

Looking around the forum (e.g. here), I would think that I'm doing this wrong and there's just something simple that I'm missing... Either way, is it possible to have a line or two in my iRule so I can disable cookie persistence without needing to write a new iRule? I would assume that I would need to set up the iRule to look at the cookie that is inserted and if the cookie inserted starts with what I am looking for, then have it be dropped, but I was hoping I could just put in something even simpler like "persist none" into my rule and make it work.

Thoughts?

Thanks in advance for the help! Sorry if this is a long-winded post...

application delivery
availability
design
devops
iRules
LTM
performance

2 Replies

  • engineer_88_203's avatar
    engineer_88_203
    Icon for Nimbostratus rankNimbostratus
    Oct 05, 2015
    when HTTP_REQUEST {
   set dest_pool ""
   set use_ssl 1
   switch -glob [HTTP::uri] {
      "/app1*"
      {
          set dest_pool app1_pool
          set use_ssl 1
          set app_url_rewrite 1
      }

      "/app2*"
      {
          persist none
          set dest_pool app2_pool
          set use_ssl 1
          set app_url_rewrite 1
      }

    Edited: updated formatting to better show the iRule... sorry, I couldn't edit my original post.

  • engineer_88_203's avatar
    engineer_88_203
    Icon for Nimbostratus rankNimbostratus
    Oct 08, 2015

    Working with one of the F5 gurus, I think we found a solution. Without using the OneConnect profile, it looks like we needed to add the 

    LB::detach
    command to our iRule:

      "/app2*"
  {
      LB::detach
      persist none
      set dest_pool app2_pool
      set use_ssl 1
      set app_url_rewrite 1
  }

    This link led me the information I needed to do what I was hoping to do.

    This second link will help folks that use 

    LB::reselect
    in case you ever run into this issue.

    I hope that helps folks out there too!