Forum Discussion
NimbostratusHTTP Payload Parsing not working as expected
Hello,
I am trying to load balance based of a UN string seen in the HTTP Payload, i was able to do this in TCP Payload for another VIP without any issues.I have tried multiple iterations of irules to accomplish this, i used a dev central irule to extract the http headers and this is an excerpt i am focusing on.
Basically I want to inspect the HTTP payload and loadbalance based on the value after UN:
Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : ============================
Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : <<< HTTP Headers >>>
Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : OP: 0
Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : UN: xxxxxxxxxxx
Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : PW: yyyyyyyyyyy
Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : client_source: zz
Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : client_version: 6.2.0.17
Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : app_type: APPLICATION
Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : app_name: zz
Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : User-Agent: Java/1.6.0_26
Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : Host: something.abc.com
Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : Accept: text/html, image/gif, mage/jpeg,*; q=.2, */*; q=.2
Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : Connection: keep-alive
Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : <<< URI >>>
Apr 24 18:13:38 local/tmm7 info tmm7[6915]: Rule HTTP_Inspect_Extract_Irule : HTTP::uri: /ff/ggggggg
Here are some of the irules I have tried without success, any idea's are greatly appreciated.
-----------------------------------------------------------------------
when HTTP_REQUEST {
if { [HTTP::header "UN:"] contains "@ATEST4" } {
pool Leg1
} else {
pool Leg2
}
}
-----------------------------------------------------------------------(tried using a class below)-----
when HTTP_REQUEST {
if {[class match [HTTP::header "User-Agent"] contains UserID] } {
pool Leg1
} else
pool Leg2
}
-----------------------------------------------------------------------
when CLIENT_ACCEPTED {
HTTP::collect 1500
}
when CLIENT_DATA {
log local0. "in CLIENT_DATA"
if { [HTTP::payload] contains "xxxxx" } {
pool Leg1
} else {
pool Leg2
}
HTTP::release
}
-----------------------------------------------------------------------
when CLIENT_ACCEPTED {
TCP::collect 1000
}
when CLIENT_DATA {
log local0. "in CLIENT_DATA"
if { [TCP::payload] contains "xxxxx" } {
pool Leg1
} else {
pool Leg2
}
TCP::release
}
______________________________________________________
9 Replies
What_Lies_Bene1Cirrostratus
It looks like UN is a HTTP header so I'd have thought this would work (removed the :);when HTTP_REQUEST { if { [HTTP::header "UN"] contains "@ATEST4" } { pool Leg1 } else { pool Leg2 } }- What_Lies_Bene1To put it another way, it's not in the payload!
jgranieriLet me try that and see it works...
I did try parsing the HTTP headers but see I had some incorrect syntaz being used.
- jgranieri
I modified the irules and tried parsing the on the header, it initiall works but now the issue seems that even when the header doesn't match it still gets routed to the wrong pool. I have no persistence configured on the VIP.
when i login with a username containing xxxxx it goes to the correct pool. Next login uses a different username such as yyyy and it should go to the 2nd pool but it doesnt, I verified via tcpdump it still goes to the first pool
when HTTP_REQUEST {
if { [HTTP::header "UN"] contains "@xxxxx" } {
pool Pool1
} else {
pool Pool2
}
}
---------------------------------------------------------------------------------
second irule uses a data group and string value no such luck:
when HTTP_REQUEST {
if {[class match [HTTP::header "UN: "] contains UserID] } {
pool Pool1
} else {
pool Pool2
}
}
---------------------------------------------------------------------------------
Any idea's on why this is occuring if the persistence profile is sent to none ?
- Kevin_Stewart
Employee
Do you have OneConnect enabled on the virtual server? - jgranieriI only have the standard http profile enabled...
no one-connect profile - Kevin_StewartSorry, I should have said, if you don't have oneConnect enabled on the virtual server, please enable it and test.
- jgranieriI just tried it with a One_Connect profile, same issue. no change in behavior.
Odd thing is that I have done parsing with TCP Payload and had no issues directing certain traffic based on tcp payload names - jgranierithis is working... the entire username string was needed, part of the username didnt work. thanks for everyones input!
