Forum Discussion
Robert_47833
Altostratus
Altostratusdisable irule process for the request not for the whole tcp connection
hi ,Iurle I need to stop irule process for the exact http request ,not for the whole tcp connection ,how to achieve this?
Understood this topic is discussing some race conditions applied on iRule http events;
client 1 --> http request1 --> F5 --> http request1 --> server client 1 --> http request2 --> F5 --> http request2 --> server client 1 --> http request3 --> F5 --> http request3 --> server client 1 <-- http request1 <-- F5 <-- http response1 <-- server client 1 <-- http request2 <-- F5 <-- http response2 <-- server client 1 <-- http request3 <-- F5 <-- http response3 <-- serverFrom LTM perspective, LTM will not process the subsequent request (but rather put it on the request queue instead)until first response is back from backend pool memeber.
Even pipelining is enabled on client side and multiple requests come in at same time, LTM will still serialize them and process them according to the sequence (FIFO).
So in our case, variable has been set in request 1 will not be messed up even request 2 comes in earlier than response 1.
Robert_47833out of curiosity, when the pool is selected , why it still need to process the other irules.
giltjr_32735Nimbostratus
Because you may still need to do other processing. We have a single VIP that front ends multiple application pools and we need to do persistence. We do persistence using the pool name and since this is not know until after the pool is selected the iRule must still continue to be executed. We also use iRule to set the X-UA-Compatible header in some situations.
giltjrFor most functions iRules are executed for each request. If you use when HTTP_REQUEST or HTTP_RESPONSE it/they will be executed on each HTTP request and response.
Now if you use when CLIENT_ACCEPTED that is not executed on each request, just when the TCP connection is established.
- Kevin_Stewart
Employee
It's important to realize that (most) iRule events are based on OSI layer events.
CLIENT_ACCEPTED is triggered when the TCP handshake completes
HTTP_REQUEST is triggered when all of the headers from the client's HTTP request are consumed
HTTP_RESPONSE is triggered when all of the headers from the server's HTTP response are consumed
SERVER_CONNECTED is triggered when the server side TCP handshake completes
And so on. It's also important to understand that the proxy triggers these events in the order of the OSI model.
TCP events (4) -> SSL events (5/6) -> HTTP events (7)and that multiple HTTP requests can exist inside a single TCP connection, and that a single SSL session can exist across multiple TCP connections. So to roughly answer your question, when a client makes an HTTP request, it must first initiate a TCP connection (if one doesn't already exist). Variables and (layer 5+) events live inside that TCP connection, so if you issue and event HTTP_REQUEST disable or HTTP::disable command, it affects all of the HTTP_REQUEST events within a single TCP connection. A new TCP connection resets that state.
out of curiosity, when the pool is selected , why it still need to process the other irules.
There are events that aren't specifically triggered by OSI layer events, including the LB events. The LB events generally happen after the HTTP request and before server side TCP.
- Robert_47833
irule1: when HTTP_request { if xxx { do something } } irule2: when HTTP_request { if xxx { do something } }after irule1 is evaluated, I want to disable irule2 in the http request level , not the tcp connection level
- Kevin_Stewart
Right, so something like this:
irule1:
when HTTP_request { if xxx { do something event HTTP_REQUEST disable } }irule2:
when HTTP_request { if xxx { do something } } - Kevin_Stewart
So you only want the HTTP request in iRule 2 to be disabled? Do you need to disable the event itself, or just the stuff inside the event (ie. is it okay if iRule 2's HTTP_REQUEST event still fires even if its content it blocked?).
- Kevin_Stewart
It'd be trickier if you wanted to disable the event completely (for that TCP connection), but you could do something like this to disable the contents of the event:
irule1:
when HTTP_request { if xxx { do something set disable 1 } }irule2:
when HTTP_request { if { [info exists disable] } { log local0. "event disabled" } else { if xxx { do something } } } - Robert_47833
one question:
can variable set in http_request be reset by the second http request if the first http request is not finished or responded? - Kevin_Stewart
Yes. iRules variables are TCP connection scoped - meaning they exist for the life of a discreet TCP connection. If you create a variable in one event you can manipulate it in another if their both in the same TCP connection. I'd also point out here that when you add multiple iRules to a VIP, and those iRules contain the same events (ex. HTTP_REQUEST), these events are compiled into one event. That's why the order of the iRules (an option in the GUI in 11.x and a "priority" option in the event declaration otherwise) is so important.
- Robert_47833
but if in http request 1, variable is set as 0, the response for this request 1 is not coming back from server.then request 2 hit irule , then change the variable to another value . is it possible? I don't wanna this happen
