Forum Discussion
CirrusHTTP_REQUEST and HTTP::redirect and HTTP::respond with if condition and source IP
I have below iRule but it is not working as expected. two statement working /oncfo1/ and /oncres1/ but /use1/ not forwarding & also if no condition match then else statement also not giving result.
I want. if for particular source IP from internet and if access a host with three sub directories then redirect to accordingly but other then these sub directory, it should return content with some message.
when HTTP_REQUEST { set src_clint_ip [IP::client_addr] set host [string tolower [getfield [HTTP::host] ":" 1]] set path [string tolower [HTTP::path]]
log local0. "client=[IP::client_addr] host=[HTTP::host] path=$path"
if {( [IP::addr $src_clint_ip equals 176.202.126.81%1701] )} then { if { $path starts_with "/use1/" } then { HTTP::redirect "https://ecr.host.com.qa/use/" HTTP::respond 200 content "IP is $src_client_ip and /use1/" "Content-Type" "text/xml" } elseif { $path starts_with "/oncfo1/" } then { HTTP::redirect "https://ecr.host.com.qa/oncfo/" HTTP::respond 200 content "IP is $src_client_ip and /oncfo/" "Content-Type" "text/xml" } elseif { $path starts_with "/oncres1/" } then { HTTP::redirect https://ecr.host.com.qa/oncres/
HTTP::respond 200 content "IP is $src_client_ip and /oncres/" "Content-Type" "text/xml" } else { HTTP::respond 200 content "IP is $src_client_ip and not matching" "Content-Type" "text/xml" }
} else { HTTP::respond 200 content "IP is $src_client_ip and check it" "Content-Type" "text/xml" } unset src_clint_ip }
26 Replies
Neeraj_Jags_152@Kevin, My ultimate requirement is to place iRule for https traffic. if user access https://ecr.host.com.qa/ and /use/ or /use1/* or ... and if use /oncfo/.. like the same condition as above. what should be the iRule for the same? can you please help here.
Neeraj Jagetia
- Neeraj_Jags_152
Will I have to do something thing extra to make it work..
- Kevin_Stewart
Employee
You can put this same iRule on the HTTPS VIP with the same effect (assuming you are also offloading SSL at the VIP). If you only want users to access the application through the HTTPS VIP, then in your HTTP VIP simply assign the built-in http-to-https redirect iRule. When users make a request to the http:// URL, the HTTP VIP will automatically redirect that traffic to the same URI on the https://, and then your iRule logic for the various paths will work as needed.
- Neeraj_Jags_152
Hi Kevin, thanks, I tried as you suggested and is working fine.
Now I will convert it to use Data Group and to switch to specified pool or to default pool.
my final https version reduced.
when HTTP_REQUEST { log local0. "https.1st Client ([IP::client_addr]) is requesting: [HTTP::path]" if { ([IP::addr [IP::client_addr] equals 176.203.127.xx%1701]) or ([IP::addr [IP::client_addr] equals 176.203.95.xx%1701]) or ([IP::addr [IP::client_addr] equals 78.100.153.xx%1701]) } { log local0. "https SRC IP matched [IP::client_addr], so look if word match" switch -glob [string tolower [HTTP::path]] { "/use/*" { log local0. "https Catch1 word: use, " } "/use2/*" { log local0. "https Catch2 word: use2, so no redirect" HTTP::respond 200 content "IP is [IP::client_addr] and use2" "Content-Type" "text" } "/oncfo/*" { log local0. "https Catch3 word: oncfo, " } "/oncfo2/*" { log local0. "https Catch4 word: oncfo2, so no redirect" HTTP::respond 200 content "IP is [IP::client_addr] and oncfo2" "Content-Type" "text/xml" } default { log local0. "Default https, IP is [IP::client_addr] matched but [HTTP::path]" return } } } else { log local0. "https SRC IP [IP::client_addr] doesn't match and word is [HTTP::path]" return }}
I hope you agrees to that. Thanks again...
