Forum Discussion
NimbostratusHow to check if an iRule is active
PLEASE HELP. I am trying to apply an iRule to a virtual server. So I am using the below code for testing if the iRule is active. All the below code suppose to do is to redirect all traffic to google. However, nothing seems to happen. I am not even sure if the iRule is called. I can see the iRule via the network map under the virtual server (the circle next to it is white though, should it be?).
when HTTP_REQUEST {
HTTP::redirect "http:://www.google.com"
}
21 Replies
Linda_01_162621Its a performance (Layer 4) virtual server. The other types do not show an option to select a HTTP profile (after selecting advance). Accordingly, I have to attach a http profile so I can have access to the HTTP_REQUEST event, otherwise One can't add the iRule.
- THiSorry, should have read more carefully about the vs type. I think I came across a similar problem quite a while ago. The performance L4 vs is meant for L4 processing and FastL4 is using hw PVA acceleration if possible. I believe the PVA acceleration mode should be set to none to allow HTTP processing with iRules. Not sure if it helps. What if you used additional standard vs or performance (HTTP) virtual server for 0.0.0.0:80 with the iRule instead of the 0.0.0.0:0? You can leave the full wildcard one without the iRule to serve all other ports if needed.
- THiOr change the vs type to standard instead of performance L4? You can also add logging line(s) to the iRule to see whether it fires and does the logic you want.
- Linda_01_162621
Thanks. I'll try that.
- Linda_01_162621
I checked the statistics and the iRule doesn't fire, i.e. The event (HTTP_REQUEST) in the rule does not fire.
I'll try and boot from an older version of the firmware 11.0.5 and see if that can't fix the problem.
Afro_158117Try this and see if the irule is hit when CLIENT_ACCEPTED { log local0 " IP::addr [IP::client_addr] client accepted" } Check the ltm logs tail /var/log/ltm
StephanMantheyNacreous
Hi Linda01,
in case you want to redirect a client with your virtual server it has to be of type "Standard" and needs an HTTP-profile assigned. The type "Performance-HTTP" is very limited in capabilities (supports just cookie insert and XFF insert, afaik). If you change the configuration of your virtual server it will be necessary to close all connections from the client you are testing with because existing connections are not affected by the change. In case of using i.e. Firefox it really means to close all firefox instances! You can also temporarily add a log statement to your iRule to check the event is triggered:when HTTP_REQUEST { log local0. "New http request from client <[IP::client_addr]> received <[HTTP::method] [HTTP::uri] [HTTP::version]>, will be redirected" HTTP::redirect "http:://www.google.com" }From bash please run the following to track the new log events for /var/log/ltm facility:
tail -f /var/log/ltmThanks, Stephan
- Linda_01_162621
Thank you everyone for your help.
It turns out that, the virtual server was not getting any connections. So, I downgraded from ver 11.6 to 11.4 (not sure if made any difference though)
I was able to solve the problem by creating only one wildcard virtual server that supports all protocols, and have it load balanced my internet connection(s).
However with this, I am only able to get UDP traffic through (selected it on the configuration -> protocol. I can't get any TCP through, I can't even ping the machine I am streaming video to (streaming works though).
My objective is get video, FTP and SIP from the internal LAN through the virtual server (profiles, iRule, etc) via load balanced ISPs to the internet.
- StephanMantheyHi Linda, you can create multiple network virtual servers 0.0.0.0/0 to listen on the same VLAN if you select specific transport protocols and/or service ports. So in addition to your wildcard virtual server listening on UDP you can create another one on TCP/0 (any) with the same configuration (to handle all TCP traffic) and a specific one on TCP/80 (mode "Standard" with an http-profile and your iRule to redirect traffic). Another virtual server can be created to handle "all" protocols. In coexistence with the virtual servers it will handle all unmatched traffic (i.e. outgoing ICMP or IPSec data). Thanks, Stephan
