Forum Discussion
nramadan
Nimbostratus
NimbostratusDynamic Value iRule
Hi everyone,
From past days, I have been struggling an iRule that forward dynamic string from 1st URL to 2nd URL. For example
1st URL = https://example.com/uat/data/value
2nd URL = http://192.168.1.1:8080/test/controller/ticket/ticket.jsp?data=value
Condition: content of "value" variable always updating, for example: today value = 3333 and tomorrow gonna changes to 4444
when HTTP_REQUEST {
if {[string tolower [HTTP::host]] equals "https://example.com"}{
if {[string tolower [HTTP::uri]] contains "/uat/data"}{
HTTP::respond 302 noserver Location "http://192.168.1.1:8080[string map -nocase {"/test/controller/ticket/ticket.jsp?data="} [HTTP::uri]]"
}
}
}
===================================================================
when HTTP_REQUEST {
set uri [HTTP::uri]
if { [HTTP::uri] contains "/uat/data" } {
log local0. "Original URI: $uri"
HTTP::uri [string range [HTTP::uri] 400 end]
log local0. "Search Query: [HTTP::uri]"
HTTP::uri /test/controller/ticket/ticket.jsp?data=[HTTP::uri]
log local0. "New URI: [HTTP::uri]"
HTTP::redirect "http://192.168.1.1:8080[HTTP::uri]"
}
elseif { $uri starts_with "/uat/data" } {
log local0. "Original URI: $uri"
HTTP::uri [string range [HTTP::uri] 400 end]
log local0. "Search Query: [HTTP::uri]"
HTTP::uri /test/controller/ticket/ticket.jsp?data=[HTTP::uri]
log local0. "New URI: [HTTP::uri]"
HTTP::redirect "http://192.168.1.1:8080[HTTP::uri]"
}
}
I have used these 2 scripts, still got errors, any suggestions to fix this problem?
Try the iRule below.
when HTTP_REQUEST { if { [string tolower [HTTP::host]] equals "example.com" && [string tolower [HTTP::uri]] starts_with "/uat/data/" } { set value [string map -nocase {"/uat/data/" "" } [HTTP::uri]] HTTP::respond 302 noserver Location "http://192.168.1.1:8080/test/controller/ticket/ticket.jsp?data=$value" } }See the output below.
Have fun,
--Niels
nramadanThanks Niels for suggestions, but still can not redirect from 1st URL to 2nd URL.
I have checked use curl command and log that appear when trying to access 1st URL.
172.16.4.65 is IP of virtual server
====================================================================================
[admin@waf-dummy:Active:Changes Pending] ~ # curl -v --resolve example.com:80:192.168.1.1 https://example.com/uat/data/value
* Added example.com:80:192.168.1.1 to DNS cache
* Trying 172.16.4.65...
* Connected to example.com (172.16.4.65) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: CN=*.example.co.id
* start date: Mar 9 09:24:19 2023 GMT
* expire date: Apr 9 09:24:18 2024 GMT
* subjectAltName: ws.jict.co.id matched
* issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign GCC R3 DV TLS CA 2020
* SSL certificate verify ok.
> GET /uat/data/value HTTP/1.1
> Host: example.com
> User-Agent: curl/7.47.1
> Accept: */*
>
* SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
* Closing connection 0
curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104[admin@waf-dummy:Active:Changes Pending] ~ # tail -f /var/log/ltm
Feb 27 09:39:36 waf-dummy err tmm2[19053]: 01220001:3: TCL error: /Common/IRULE-REDIRECT-GBOSS-DATA <HTTP_REQUEST> - Can't call after responding - ERR_NOT_SUPPORTED (line 1) invoked from within "HTTP::host"
Feb 27 09:39:36 waf-dummy err tmm3[19053]: 01220001:3: TCL error: /Common/IRULE-REDIRECT-GBOSS-DATA <HTTP_REQUEST> - Can't call after responding - ERR_NOT_SUPPORTED (line 1) invoked from within "HTTP::host"
Feb 27 09:39:36 waf-dummy err tmm[19053]: 01220001:3: TCL error: /Common/IRULE-REDIRECT-GBOSS-DATA <HTTP_REQUEST> - Can't call after responding - ERR_NOT_SUPPORTED (line 1) invoked from within "HTTP::host"
====================================================================================is there something that I should check again?
Yes, you should disable evulation of this or other attached iRule(s) when the HTTP::respond is triggered in the (first) iRule. For more information see: https://clouddocs.f5.com/api/irules/event.html and this post: https://community.f5.com/t5/technical-articles/irules-disabling-event-processing/ta-p/277009
Also see this function: HTTP::has_responded (f5.com)
- nramadan
I have tried to add "event disable" on iRule, still got same error, is there any addition again to the iRule?
