Forum Discussion
Roman_80473
Nimbostratus
Oct 10, 2011Error sending traffic to the pool
Hi folks,
I need to redirect traffic to different pools based on user uri WITHOUT CHANGING THE URL. So, if the user types www.domain.com or www.domain.com/start or /landing or /login, I should redirect them to the "login" servers (LOGIN_POOL). Any other requests should go to "utility" servers (UTILITY_POOL).
In my iRule, after checking HTTP::uri (either empty or equals to "/start" or "/login") and issuing "pool LOGIN_POOL", I get 404 error. The only time it actually works is if the uri is "/landing". This is because the servers inside LOGIN_POOL have apps with "/landing" context roots.
Is there a way to send traffic to a specific POOL or VIP with the uri different from what the user has typed? The HTTP::redirect works but it exposes the internal url.
Any help is greatly appreciated.
Roman
- Michael_Yates
Nimbostratus
Hi Roman,when HTTP_REQUEST { switch -glob [string tolower [HTTP::uri]] { "/start*" - "/landing*" - "/login*" { pool login_pool } default { pool utility_pool } } }
- nitass
Employee
e.g.[root@iris:Active] config b virtual bar list virtual bar { snat automap destination 172.28.17.33:http ip protocol tcp rules myrule profiles { http {} tcp {} } } [root@iris:Active] config b rule myrule list rule myrule { when HTTP_REQUEST { switch [string tolower [HTTP::uri]] { "/" - "/start" - "/landing" - "/login" { HTTP::uri "/" pool login_pool } default { pool utility_pool } } } } [root@iris:Active] config b pool login_pool list pool login_pool { members 10.10.70.110:http {} } [root@iris:Active] config b pool utility_pool list pool utility_pool { members 10.10.70.120:http {} } 1) curl -I http://172.28.17.33/ New TCP connection 1: 172.28.16.50(60036) <-> 172.28.17.33(80) 1318315141.9987 (0.0012) C>S --------------------------------------------------------------- HEAD / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.17.33 Accept: */* --------------------------------------------------------------- New TCP connection 2: 10.10.72.30(60036) <-> 10.10.70.110(80) 1318315141.9992 (0.0003) C>S --------------------------------------------------------------- HEAD / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.17.33 Accept: */* --------------------------------------------------------------- 2) curl -I http://172.28.17.33/start New TCP connection 3: 172.28.16.50(60055) <-> 172.28.17.33(80) 1318315185.4511 (0.0005) C>S --------------------------------------------------------------- HEAD /start HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.17.33 Accept: */* --------------------------------------------------------------- New TCP connection 4: 10.10.72.30(60055) <-> 10.10.70.110(80) 1318315185.4515 (0.0003) C>S --------------------------------------------------------------- HEAD / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.17.33 Accept: */* --------------------------------------------------------------- 3) curl -I http://172.28.17.33/landing New TCP connection 5: 172.28.16.50(60068) <-> 172.28.17.33(80) 1318315216.6526 (0.0006) C>S --------------------------------------------------------------- HEAD /landing HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.17.33 Accept: */* --------------------------------------------------------------- New TCP connection 6: 10.10.72.30(60068) <-> 10.10.70.110(80) 1318315216.6530 (0.0003) C>S --------------------------------------------------------------- HEAD / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.17.33 Accept: */* --------------------------------------------------------------- 4) curl -I http://172.28.17.33/login New TCP connection 7: 172.28.16.50(52288) <-> 172.28.17.33(80) 1318315239.7149 (0.0013) C>S --------------------------------------------------------------- HEAD /login HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.17.33 Accept: */* --------------------------------------------------------------- New TCP connection 8: 10.10.72.30(52288) <-> 10.10.70.110(80) 1318315239.7152 (0.0002) C>S --------------------------------------------------------------- HEAD / HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.17.33 Accept: */* --------------------------------------------------------------- 5) curl -I http://172.28.17.33/anythingelse New TCP connection 9: 172.28.16.50(52302) <-> 172.28.17.33(80) 1318315273.0769 (0.0012) C>S --------------------------------------------------------------- HEAD /anythingelse HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.17.33 Accept: */* --------------------------------------------------------------- New TCP connection 10: 10.10.72.30(52302) <-> 10.10.70.120(80) 1318315273.0774 (0.0003) C>S --------------------------------------------------------------- HEAD /anythingelse HTTP/1.1 User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.17.33 Accept: */* ---------------------------------------------------------------
- Roman_80473
Nimbostratus
Mike and nitass, - If images aren't showing up, odds are you are changing the URIs for image requests as well. You might need to include another case in your switch statement handling images (ie. "*.gif" and leave those URIs alone). You would need to use the "-glob" to allow for wildcards btw...
- Roman_80473
Nimbostratus
Joe, - Great, glad to help! Feel free to ask away if anything else comes up...
- Roman_80473
Nimbostratus
Joe, - So you are saying that if you connect directly to your secured web service (not through the BIG-IP), you have things working (after keystore configuration), but when you run it through the BIG-IP while your server is still setup as a secure web service and you don't have LTM doing SSL offload, it's not working on your client? If so, that doesn't make sense as if the LTM is not terminating the SSL, then the certificate passing should be identical. The packets to/from the web service from the client shouldn't be changed by the LTM (that is, unless it's terminating the SSL - ie. decrypting from the client and then re-encrypting to the backend server).
- Roman_80473
Nimbostratus
Joe,
Recent Discussions
Related Content
Â
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects