HTTP_REQUEST and HTTP::redirect and HTTP::respond with if condition and source IP

A few things to point out:

1. You don't need to set the src_client_ip variable because you're only evaluating it once. The added variable just adds memory consumption. Truthfully, since you're only evaluating the path 3 times, you could probably also skip setting the path variable as well.

2. Is the %1701 a route domain identifier?

3. In each of your conditions, you HTTP::redirect and HTTP::respond commands. The HTTP::redirect command issues a 302 response to the client with a Location header. The HTTP::response command, in this case, responds to the client with a 200 and some HTML content. These two commands are contradictory. If it works at all, it's certainly an anomaly.

4. I would add some logging to the top of your iRule to see what the path actually is. The fact that the "/use1/" condition isn't catching would most likely indicate that the path is never "/use1/".

Here's a new version of your iRule. I made some assumptions about what you wanted to do in the conditions where you had a redirect and a respond.

when HTTP_REQUEST {
    log local0. "Client ([IP::client_addr]) is requesting: [HTTP::path]"

    if { [IP::addr [IP::client_addr] equals 176.202.126.81%1701] } {
        log local0. "Client IP match"
        switch -glob [string tolower [HTTP::path]] {
            "/use1/*" {
                log local0. "Catch /use1/ - redirecting"
                HTTP::redirect "https://ecr.host.com.qa/use/" 
            }
            "/use/*" {
                log local0. "Catch /use/"
                HTTP::respond 200 content "IP is $src_client_ip and /use/" "Content-Type" "text/xml"
            }
            "/oncfo1/*" {
                log local0. "Catch /oncf1/ - redirecting"
                HTTP::redirect "https://ecr.host.com.qa/oncfo/" 
            }
            "/oncfo/*" {
                log local0. "Catch /oncfo"
                HTTP::respond 200 content "IP is $src_client_ip and /oncfo/" "Content-Type" "text/xml" 
            }
            "/oncres1/*" {
                log local0. "Catch /oncres1/ - redirecting"
                HTTP::redirect "https://ecr.host.com.qa/oncres/"
            }
            "/oncres/*" {
                log local0. "Catch /oncres/"
                HTTP::respond 200 content "IP is $src_client_ip and /oncres/" "Content-Type" "text/xml" 
            }
            default {
                log local0. "Default condition"
                HTTP::respond 200 content "IP is $src_client_ip and check it" "Content-Type" "text/xml" 
            }
        }
    } else {
        log local0. "Client IP doesn't match"
        HTTP::respond 200 content "IP is $src_client_ip and check it" "Content-Type" "text/xml" 
    }
}

Thanks Kevin Stewart for the response.

I have used your content with little modification to observe the changes. and result of var log is as below.-- Just note... neither redirecting worked nore HTTP::response reflected in browser. Jul 10 16:11:57 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: /oncfo2/ Jul 10 16:11:57 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 16:11:57 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Catch /oncfo Jul 10 16:13:02 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: /abcd/ Jul 10 16:13:02 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 16:13:02 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Default condition Jul 10 16:14:53 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: /pqrs/* Jul 10 16:14:53 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 16:14:53 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Default condition Jul 10 16:15:19 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: /oncres2/ Jul 10 16:15:19 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 16:15:19 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Catch /oncres/ Jul 10 16:16:24 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: /oncfo1/ Jul 10 16:16:24 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 16:16:24 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Catch /oncf1/ - redirecting

when HTTP_REQUEST { log local0. "Client ([IP::client_addr]) is requesting: [HTTP::path]"

if { [IP::addr [IP::client_addr] equals 176.203.127.247%1701] } {
    log local0. "Client IP match"
    switch -glob [string tolower [HTTP::path]] {
        "/use1/*" {
            log local0. "Catch /use1/ - redirecting"
            HTTP::redirect "https://ecr.host.com.qa/use/" 
        }
        "/use2/*" {
            log local0. "Catch /use/"
            HTTP::respond 200 content "IP is [IP::client_addr] and -use2-" "Content-Type" "text/xml"
        }
        "/oncfo1/*" {
            log local0. "Catch /oncf1/ - redirecting"
            HTTP::redirect "https://ecr.host.com.qa/oncfo/" 
        }
        "/oncfo2/*" {
            log local0. "Catch /oncfo"
            HTTP::respond 200 content "IP is [IP::client_addr] and -oncfo2-" "Content-Type" "text/xml" 
        }
        "/oncres1/*" {
            log local0. "Catch /oncres1/ - redirecting"
            HTTP::redirect "https://ecr.host.com.qa/oncres/"
        }
        "/oncres2/*" {
            log local0. "Catch /oncres/"
            HTTP::respond 200 content "IP is [IP::client_addr] and -oncres2-" "Content-Type" "text/xml" 
        }
        default {
            log local0. "Default condition"
            HTTP::respond 200 content "IP is [IP::client_addr] and check it" "Content-Type" "text/xml" 
        }
    }
} else {
    log local0. "Client IP doesn't match"
    HTTP::respond 200 content "IP is [IP::client_addr] and check it" "Content-Type" "text/xml" 
}

}

Extent result. when using /use1/ Browser Result - The webpage cannot be found 404

when using /use2/ Browser Result - Blank, nothing displayed.

when using /oncfo2/ Browser Result - Blank Page, nothing displayed.

when using /oncfo1/ Browser Result - redirected to https://.../oncfo/..... working.

when using /oncres2/ Browser Result - Blank Page, nothing displayed.

when using /oncres1/ Browser Result - redirected to https://.../oncres/...working. Error 403--Forbidden

Comments inline:

Extent result. when using /use1/ Browser Result - The webpage cannot be found 404

A request for /use1/ should result in a redirect to "https://ecr.host.com.qa/use/", which (because there's no condition for it) goes to the Default condition and should display some HTML content. Is this iRule applied to the "https://ecr.host.com.qa" URL? Does the "/use/" URI actually exist on this server?

when using /use2/ Browser Result - Blank, nothing displayed.

Assuming you are still seeing the log message for the correct condition, the response you're sending isn't properly formatted as XML data. Your browser may be blocking it. If you try this from a cURL statement, you may see different results:

curl -k https://x.x.x.x/use2/

when using /oncfo2/ Browser Result - Blank Page, nothing displayed.

Same as above.

when using /oncres2/ Browser Result - Blank Page, nothing displayed.

Same as above.

when using /oncres1/ Browser Result - redirected to https://.../oncres/...working. Error 403--Forbidden

That's certainly going to be an application issue.

and remaining test result of /var log and impact on browser.

Jul 10 17:11:25 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: /a-b-c-d-e/ Jul 10 17:11:25 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 17:11:25 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : IP match but Default last condition

Browser - Blank Page, nothing displayed.

Jul 10 17:12:07 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (78.100.37.xx%1701) is requesting: /a-b-c-d-e/ Jul 10 17:12:07 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP doesn't match

Browser - below output. The XML page cannot be displayed Invalid at the top level of the document. Error processing resource Line 1, Position 1 IP is 78.100.37.xx%1701 and check it ^

Jul 10 17:13:03 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (78.100.37.xx%1701) is requesting: /use2/ Jul 10 17:13:03 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP doesn't match

Browser - below output. The XML page cannot be displayed Invalid at the top level of the document. Error processing resource Line 1, Position 1 IP is 78.100.37.xx%1701 and check it ^

Jul 10 17:13:29 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (78.100.37.%1701) is requesting: /use1/ Jul 10 17:13:29 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP doesn't match

Browser - below output. The XML page cannot be displayed Invalid at the top level of the document. Error processing resource Line 1, Position 1 IP is 78.100.37.xx%1701 and check it ^

If you test all of this from the command line with cURL, you'll be able to see everything more clearly, without the browser potentially thrashing the content.

curl -v -k https://x.x.x.x/a-b-c-d-e/

curl -v -k https://x.x.x.x/use1/    

In any case, the payload you're sending in the HTTP::respond is not properly formatted XML, so the browser is generating an error.

@Kevin, you correct that Browser not displaying the content. --So then How Can I make browser friendly response & XML no error .--

I tried in internet Explorer version 9. - showing Blank BUT when I tried from Mozila I got below response.

XML Parsing Error: syntax error Location: http://ecr.host.com.qa/use2/ Line Number 1, Column 1:IP is 176.203.127.247%1701 and -use2- ^

--Second Point when i tried /use1/ it should be redirected to /use/ but same problem that internet explorer no change in URL BAR however mozilla url bar redirection relfect but SML error.

When I try from Mozilla. Url bar changed to https://..use/.. and log below Jul 10 19:19:11 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: /use1/ Jul 10 19:19:11 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 19:19:11 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Catch-1 use1 to use - redirecting

-- When I try from Internet explorer. URL bar does not change to https://...but in logs below.

Jul 10 19:19:31 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: /use1/ Jul 10 19:19:31 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 19:19:31 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Catch-1 use1 to use - redirecting

BUT XML Example still a challenge coj not working.

This brings me back to an earlier question.

Is "https://ecr.host.com.qa" this VIP? The fact that you're not getting the logs for "/use/" condition after the redirect suggests that the traffic is going somewhere else.

YES, http://ecr.host.com.qa & https://ecr.host.com.qa both are VIP. Basically I was not able to make iRule to reach HTTP request or Client accepted for SSL (https) thats why I am trying these for the http content and then forwarding to the https

by my final aim is to write iRule for https traffic and as per source IP and content in URI, I have to select the pool.

if you say the above statement then I tried the code below but still the same log.

switch -glob [string tolower [HTTP::path]] { "/use1/*" { log local0. "Catch-1 use1 to use - redirecting" HTTP::redirect "https://google.com/" }

and in mozilla I am being successfully forwarded to google.com

Jul 10 21:36:37 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: /use1/ Jul 10 21:36:37 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 21:36:37 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Catch-1 use1 to use - redirecting