F5 as web server

You can return html content directly from an iRule:

 

 

when HTTP_REQUEST {

 

HTTP::respond 200 content {

 

\

 

\

 

Apology Page \

 

\

 

\

 

We are sorry, but the site you are looking for is temporarily out of service

 

\

 

If you feel you have reached this page in error, please try again. \

 

\

 

 

}

 

}

 

 

See: http://devcentral.f5.com/Wiki/default.aspx/iRules/HTTP__respond.html

 

 

Sorry, wpskier, I updated the HTTP::respond wiki page with a bad example today. You can remove the trailing backslashes as they aren't needed with the outer curly braces:

 
 when HTTP_REQUEST { 
    HTTP::respond 200 content { 
        
           
             Apology Page 
           
           
             We are sorry, but the site you are looking for is temporarily out of service
 
             If you feel you have reached this page in error, please try again. 
           
        
    } 
 } 
 

Aaron

I need to do something similar but the http conversion would be a two step process

 

the 200 repsonse from the F5 will need to look like this

 

 

HTTP/1.1 200 OK

 

Date: Wed, 03 Dec 2008 21:37:28 GMT

 

Server: Apache/2.0.52 (Red Hat) mod_ssl/2.0.52 OpenSSL/0.9.7a

 

Cache-Control: private

 

Content-Length: 477

 

Set-Cookie: JSESSIONID=aVQF4FC9UlQc; path=/

 

Keep-Alive: timeout=15, max=100

 

Connection: Keep-Alive

 

Content-Type: text/plain; charset=utf-8

 

 

 

 

 

 

 

1

 

 

 

 

 

the client response will be like this

 

 

POST / HTTP/1.1

 

Accept: text/*, application/*

 

Host: 12.23.2.12:443

 

Content-Length: 0

 

Connection: Keep-Alive

 

Content-Type: text/xml; charset="utf-8"

 

Cookie: JSESSIONID=aVQF4FC9UlQc

 

Authorization:Basic MDAwRkNDLTEzNjMDA3NzAyNDoxMjM0NTY=

 

 

this reply from F5 tells the client to go away

 

 

HTTP/1.1 204 No Content

 

Date: Wed, 03 Dec 2008 21:37:29 GMT

 

Server: Apache/2.0.52 (Red Hat) mod_ssl/2.0.52 OpenSSL/0.9.7a

 

Content-Length: 0

 

Keep-Alive: timeout=15, max=99

 

Connection: Keep-Alive

 

Content-Type: text/plain; charset=utf-8

 

 

Can this two step http conversation take place?

 

this traffic will be all ssl so the F5 would have to offload the ssl transaction first

 

how would this irule be coded?

 

Hi pgroven,

 

 

You can use HTTP::respond to send an arbitrary HTTP response to the client. If you want to send two different responses based on some component of the request you'd need to check the client request first. When do you want to send the HTTP 200 response and when do you want to send the HTTP 204 response?

 

 

You can check the HTTP::response wiki page (Click here) for details on using the command.

 

 

Aaron

as shown above the 200 response will come first

 

The client will respond with something like this

 

(IP address and authorization will be different for each client)

 

 

POST / HTTP/1.1

 

Accept: text/*, application/*

 

Host: 12.23.2.12:443

 

Content-Length: 0

 

Connection: Keep-Alive

 

Content-Type: text/xml; charset="utf-8"

 

Cookie: JSESSIONID=aVQF4FC9UlQc

 

Authorization:Basic MDAwRkNDLTEzNjMDA3NzAyNDoxMjM0NTY=

 

 

after this the F5 response should be like this

 

Can the irule be configured to display correct time?

 

 

HTTP/1.1 204 No Content

 

Date: Wed, 03 Dec 2008 21:37:29 GMT

 

Server: Apache/2.0.52 (Red Hat) mod_ssl/2.0.52 OpenSSL/0.9.7a

 

Content-Length: 0

 

Keep-Alive: timeout=15, max=99

 

Connection: Keep-Alive

 

Content-Type: text/plain; charset=utf-8

 

 

I am not sure how I can code this irule?

Is there a particular scenario that you want to enable the 204 response from the iRule? You can use the TCL clock command (clock format with clock seconds Click here) to get the current time in a specific format.

 

 

Aaron

this irule will be implemented during a maintenance window so the cluster can recover quicker once it is started backup.

 

Can an irule be specified for only one pool?

iRules are specified at the Virtual Server level, not at the pool level. You can certainly make the iRule only act on certain traffic, though.

 

 

Colin

Hi pgroven,

 

 

As Colin suggests, it's possible to send a response based on specific criteria of the request and/or response. If you're looking for specific suggestions for how to write an iRule to send back a response, could you provide more complete information on what you're overall goal and what you want to do with an iRule? Else, if you try something and get stuck let us know.

 

 

Thanks,

 

Aaron

Sometimes I use the following simple irule

 

when HTTP_REQUEST {

 

HTTP::respond 204

 

}

 

 

Is there any way to setup a counter to log how many connections were handed a 204?

 

Can it be sent to /var/log/ltm?