For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Devlin_T_149357's avatar
Devlin_T_149357
Oct 01, 2018

Help with iRule

Hi everyone I'm trying to unpick someone elses iRule but failing miserably. From what I can tell this seems to be a very long winded way to essentially read the requested URI of a request, and matc...
application delivery
iRules
LTM
Stanislas_Piro2's avatar
Stanislas_Piro2
Icon for Cumulonimbus rankCumulonimbus
Oct 03, 2018

Hi,

 

here are some improvements of the code with comments

 

when CLIENT_ACCEPTED {
     define the datagroup name based on virtual server.
     It is recommended to do it once per TCP connection (event CLIENT_ACCEPTED) instead of per request (event HTTP_REQUEST)
    set uriPoolMapClass "[string range [virtual name] 0 end-2]uri_pool_map_class"
}

when HTTP_REQUEST priority 100 {
     decode URI to provision both poolId and newUri variables.
    switch [scan [HTTP::uri] {/%[^/]%s} poolId newUri] {
        0 {
            Pool ID not available
            return
        }
        1 {
             Pool ID available, but newUri not set. setting  newUri to /
             this happens when URI is like "/poolId" and not "/poolId/path1/path2"
            set newUri "/"
        }
        2 {
             Everything seems OK. continue.
        }
    }
    
    if {[set dstPool [class lookup [string tolower $poolId] $uriPoolMapClass]] ne ""} {
        HTTP::uri $newUri
        if {[catch {pool $dstPool}] {
             Pool assignment fails. it may not exist and create a TCL error if not inside catch command.
             define action here for this behavior.
             this happens if poolId is already created in Datagroup but the pool is not created yet.
        }
    } else {
         TODO this needs to be changed to reject if there isn't another iRule which ends in a deny_all
        return
    }
}