
mayur_m_150368
Apr 16, 2014

How we can publish multiple applications on same VIP with same port & same irule?

We have recently procured an F5 device for reverse proxy. We are now migrating ISA applications, but during migration we are facing an issue. I need help to create an iRule as per our requirement. We have “abc.com” & “xyz.com”, two URLs that are published through ISA on port 443 with the same public IP, & both URLs are redirected to 8080 once any request hits the VIP on 443, & also if ‘/document’ & ‘/CVwebap’ comes in the URL, it should route to 9090.

 

For such a scenario we have created 2+2 separate pools for both applications & created a virtual server which is NATted with the public IP on port 443.

1. Abc_8080: this pool for default “abc.com”
2. Abc_9090: if “abc.com/documents” & “abc.com/cvwebap” it should come to this pool
3. Xyz_8080: this pool for default “xyz.com”
4. Xyz_9090: if “xyz.com/documents” & “xyz.com/cvwebap” it should come to this pool

We can’t use a contains-based iRule because we need to publish multiple applications with the same contains. Example: I have tried the iRule below; it works, but how can we use it for multiple applications?

    when HTTP_REQUEST {
        SSL::disable
        if { [HTTP::uri] contains "cvapweb" or [HTTP::uri] contains "documents" } {
            pool abc_9090
        } else {
            pool abc_8080
        }
    }

 

How we can publish multiple applications on same VIP with same port & same irule?

 

12 Replies

  • Need to clear points. We have “abc.com” & “xyz.com”, two URLs that are published through F5 on port 443 with the same VIP.

    Case 1: If any request hits the virtual IP it should redirect to 8080.
    Case 2: If ‘/document’ & ‘/CVwebap’ comes in the URL it should route to 9090.

    For such a scenario we have 2 separate pools for both applications.

    1. Abc_8080: this is the default pool for “abc.com”
    2. Abc_9090: if “abc.com/documents” & “abc.com/cvwebap” it should come to this pool
    3. Xyz_8080: this is the default pool for “xyz.com”
    4. Xyz_9090: if “xyz.com/documents” & “xyz.com/cvwebap” it should come to this pool

    I have created the iRule below, but it is not working. Can anyone help me to resolve it?

        when HTTP_REQUEST {
            SSL::disable
            if { [string tolower [HTTP::host]] equals "abc.com" } then {
                if { [HTTP::uri] contains "cvapweb" } {
                    pool abc_9090
                } else {
                    pool abc_8080
                }
            }
        }
        }
        elseif { { [string tolower [HTTP::host]] equals "xyz.com" } then {
            if { [HTTP::uri] contains "cvapweb" } {
                pool xyz_9090
            }else {
                pool xyz_9090
            }
        }
        }
        }

  • giltjr

    Are you 100% sure your host names are just plain abc.com and xyz.com? That is, they are not something like www.abc.com or application.xyz.com?

     

  • You should also be doing a 'string tolower' on your HTTP::uri match, same as you're doing on your HTTP::host match. And there's no need for the 'then' after your if statements.

     

    If, after you make these changes, the iRule still doesn't work, please describe exactly what isn't working.

     

    • mayur_m_150368
      Hi, thanks for the reply, but I tried removing 'then' and still it was not working. Actually I have just tried this as per our requirement but am not sure whether such an iRule will work or not. When I tried to create it with the same iRule it was showing a number of errors. Can you please suggest one as per our scenario? How can I write it?
  • Try this:

    when HTTP_REQUEST {
        SSL::disable
        # Route by Host header first, then by URI within each application
        if { [string tolower [HTTP::host]] equals "abc.com" } {
            if { [string tolower [HTTP::uri]] contains "cvapweb" } {
                pool abc_9090
            } else {
                pool abc_8080
            }
        } elseif { [string tolower [HTTP::host]] equals "xyz.com" } {
            if { [string tolower [HTTP::uri]] contains "cvapweb" } {
                pool xyz_9090
            } else {
                pool xyz_8080
            }
        }
    }
    
    • mayur_m_150368
      Hi, I am able to save this iRule in F5, but when I try to access the URLs through F5 it's not working; it only goes as far as https (security page) but can't go beyond that. It means it can't pass through the iRule. I am able to see hits on the virtual servers but it does not reach the pools. The same application is running through Microsoft ISA server.
    • mayur_m_150368
      If I split this iRule into parts, like if I use only

          when HTTP_REQUEST {
              SSL::disable
              if { [string tolower [HTTP::uri]] contains "cvapweb" } {
                  pool abc_9090
              } else {
                  pool abc_8080
              }
          }

      it works. But if I use the one below,

          when HTTP_REQUEST {
              SSL::disable
              if { [string tolower [HTTP::host]] equals "abc.com" } {
                  if { [string tolower [HTTP::uri]] contains "cvapweb" } {
                      pool abc_9090
                  } else {
                      pool abc_8080
                  }
              }
          }

      it is not working... it only shows till the security page; beyond that it is not going. Why is that so?
    • Cory_50405
      Only reason I could see is that it wouldn't be matching the host condition if nothing is happening. Is the server sending a redirect perhaps?
  • Try this:

    when HTTP_REQUEST {
        switch [string tolower [HTTP::host]] {
            "abc.com" {
                if { [string tolower [HTTP::uri]] contains "cvapweb" } {
                    pool abc_9090
                } else {
                    pool abc_8080
                }
            }
            "xyz.com" {
                if { [string tolower [HTTP::uri]] contains "cvapweb" } {
                    pool xyz_9090
                } else {
                    pool xyz_8080
                }
            }
        }
    }
    

    Not sure why you're using SSL::disable in your original iRule. Using it in an HTTP_REQUEST (OSI layer 7) suggests that you want to disable server side SSL, but if none of the downstream pools are SSL, and you don't have an SSL profile applied to the VIP, then you don't need this command.

  • At this point I'd recommend some logging:

    when HTTP_REQUEST {    
        log local0. "Incoming host: [HTTP::host]"        
        log local0. "Incoming URI: [HTTP::uri]"
        switch [string tolower [HTTP::host]] {
            "abc.com" {            
                log local0. "Catching abc.com"
                if { [string tolower [HTTP::uri]] contains "cvapweb" } {                
                    log local0. "abc.com URI contains cvapweb"
                    pool abc_9090
                } else {                
                    log local0. "abc.com default pool"
                    pool abc_8080
                }
            }
            "xyz.com" {            
                log local0. "Catching xyz.com"
                if { [string tolower [HTTP::uri]] contains "cvapweb" } {                
                    log local0. "xyz.com URI contains cvapweb"
                    pool xyz_9090
                } else {                
                    log local0. "xyz.com default pool"
                    pool xyz_8080
                }
            }
        }
    }    
    

    Tail the LTM log and test again.

    tail -f /var/log/ltm    
    

    You may be surprised by what you find.
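
An added example, not part of any reply in this thread: one iRule that serves both applications from the same VIP by normalizing the Host header, refusing unknown hosts, and matching on the path prefix instead of `contains` on the full URI. The pool names are the ones described in the original post; the `www.` aliases, the exact path prefixes, and the assumption that a client SSL profile terminates TLS on the virtual server (so HTTP_REQUEST fires for HTTPS traffic) are mine.

```tcl
# Added example (not from the thread). Pools abc_8080, abc_9090, xyz_8080 and
# xyz_9090 are the ones the original poster described; adjust hosts and paths.
when HTTP_REQUEST {
    # Normalize the Host header: lowercase it and drop any ":port" suffix,
    # so "ABC.com:443" and "abc.com" select the same application.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # HTTP::path excludes the query string, so a value such as
    # "/?next=/cvwebap" cannot steer a request to the 9090 pools.
    set path [string tolower [HTTP::path]]

    # Map each published host name to an application prefix.
    # The "www." aliases are an assumption; list only names you publish.
    switch -- $host {
        "abc.com" -
        "www.abc.com" { set app "abc" }
        "xyz.com" -
        "www.xyz.com" { set app "xyz" }
        default {
            # Unknown Host header: log it and drop the connection rather
            # than let it fall through to whatever default pool is set.
            log local0. "Unmatched Host '[HTTP::host]' from [IP::client_addr]"
            reject
            return
        }
    }

    # Prefix match on the path (assumed paths from the original post).
    if { ($path starts_with "/documents") or ($path starts_with "/cvwebap") } {
        pool ${app}_9090
    } else {
        pool ${app}_8080
    }
}
```

Because the pool name is built from a variable, the iRule saves even if a pool is missing, so confirm all four pools exist and watch `/var/log/ltm` for the unmatched-Host entries during testing.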

  • Hello guys, I need help on the same scenario but working on HTTPS.

    Example: URL https://hello.abc.com will go to pool hello.abc.com

    If URL https://hi.abc.com, it will go to hi.abc.com

    where the VIP is the same, with HTTPS port, for hello.abc.com & hi.abc.com
    
  • Hello mates, I need help on the below scenario working on HTTPS.

    Example: if URL https://hello.abc.com, it will go to pool hello.abc.com

    If URL https://hi.abc.com, it will go to pool hi.abc.com

    where the VIP is the same, with HTTPS port, for https://hello.abc.com & https://hi.abc.com