For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

pt_73812's avatar
pt_73812
Icon for Nimbostratus rankNimbostratus
Jan 26, 2010

dash in URI breaking pool selection?

Hello all,

 

 

I've run into a problem with an irule I'm working on. Basically, if there is a dash in the uri, the rule does not seem to pick it up correctly unless there's a trailing slash at the end of the uri. This is a snippet of the code I'm working with:

 

 

when HTTP_REQUEST {   
       if { [HTTP::path] equals "/" } {   
         pool unix_servers   
   } elseif { [string tolower [HTTP::uri]] starts_with "/tv/my-link" } {    
   pool windows_servers   
   } elseif { [string tolower [HTTP::uri]] starts_with "/tv" } {   
   pool unix_servers   
   } else {   
           pool windows_servers     
            }       
      }

 

 

Now, if I go to http://www.xyz.com/tv/my-link in my browser, not only am I not being sent to the windows pool, but the url that shows up in the browser is http://www.xyz.com/tv

 

If I go to http://www.xyz.com/tv/my-link/ I get sent to the correct windows pool and get the correct content.

 

 

Can I not have a dash in the uri? Or is something else causing the problem?
application delivery
dev
devops
iRules

12 Replies

Show More
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Jan 28, 2010
    As you're explicitly defining a pool for all cases in the iRule, I don't think you actually need to use a OneConnect profile. See this post for more info/test examples:

     

     

    http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&tpage=1&view=topic&postid=3392157229

     

     

    It's still useful to add a OneConnect profile though to allow for more efficient reuse of serverside connections. If you're not using SNAT you can add a custom OneConnect profile with a 255.255.255.255 source mask. This allows LTM to reuse serverside connections for the same source IP address. If you are using SNAT then you can use a OC profile with a /0 mask for even more efficient pooling of serverside connections.

     

     

    This wiki page has some good info on using OneConnect:

     

    http://devcentral.f5.com/wiki/default.aspx/AdvDesignConfig/oneconnect.html

     

     

    And SOL7208 has additional info:

     

     

    SOL7208: Overview of the OneConnect profile

     

    https://support.f5.com/kb/en-us/solutions/public/7000/200/sol7208.html

     

     

    I'm not sure whether there is a valid case where you'd want to enable OneConnect transformations on an HTTP profile while not using a OneConnect profile. I guess the rewriting of the Connection: close would allow more requests to be sent on the same TCP connection without the server trying to close the connection.

     

     

    Aaron