Forum Discussion
CirrusHTTP_REQUEST and HTTP::redirect and HTTP::respond with if condition and source IP
I have below iRule but it is not working as expected. two statement working /oncfo1/ and /oncres1/ but /use1/ not forwarding & also if no condition match then else statement also not giving result.
I want. if for particular source IP from internet and if access a host with three sub directories then redirect to accordingly but other then these sub directory, it should return content with some message.
when HTTP_REQUEST { set src_clint_ip [IP::client_addr] set host [string tolower [getfield [HTTP::host] ":" 1]] set path [string tolower [HTTP::path]]
log local0. "client=[IP::client_addr] host=[HTTP::host] path=$path"
if {( [IP::addr $src_clint_ip equals 176.202.126.81%1701] )} then { if { $path starts_with "/use1/" } then { HTTP::redirect "https://ecr.host.com.qa/use/" HTTP::respond 200 content "IP is $src_client_ip and /use1/" "Content-Type" "text/xml" } elseif { $path starts_with "/oncfo1/" } then { HTTP::redirect "https://ecr.host.com.qa/oncfo/" HTTP::respond 200 content "IP is $src_client_ip and /oncfo/" "Content-Type" "text/xml" } elseif { $path starts_with "/oncres1/" } then { HTTP::redirect https://ecr.host.com.qa/oncres/
HTTP::respond 200 content "IP is $src_client_ip and /oncres/" "Content-Type" "text/xml" } else { HTTP::respond 200 content "IP is $src_client_ip and not matching" "Content-Type" "text/xml" }
} else { HTTP::respond 200 content "IP is $src_client_ip and check it" "Content-Type" "text/xml" } unset src_clint_ip }
26 Replies
- Kevin_Stewart
Employee
Ah, so if I understood you correctly, this iRule was on the HTTP VIP but not the HTTPS VIP? If so, can you for testing change the "https://ecr.host.com.qa" redirects to "http://ecr.host.com.qa". This should let you see the events for the "/use/" condition, and eliminate any of the confusion with potential SSL issues.
Also, just for testing, change the HTTP::respond to just send plain text (no text/xml Content-Type header):
HTTP::respond 200 content "IP is [IP::client_addr] and -oncres2-" 
Neeraj_Jags_152one more thing when I used below it worked for internet explor also. HTTP::respond 200 content "IP is [IP::client_addr] and use2" "Content-Type" "text"
- Kevin_StewartSure. That leads me to believe it's just an IE thing.
- Neeraj_Jags_152
As I understood from above, you want me to create a iRule and associate it with https VIP ? or any simple way and then what to access in browser and where to see logs ? same at val/log/ltm ?
- Neeraj_Jags_152
or simply you want the below to associate with HTTP VIP as it is "/use1/*" { log local0. "Catch-1 use1 to use - redirecting" HTTP::redirect "http://ecr.vodafone.com.qa/use/"
OR-- "/use1/*" { log local0. "Catch-1 use1 to use - redirecting" HTTP::redirect "http://ecr.vodafone.com.qa"
- Kevin_Stewart
My suggestion is to do everything, for now, from the HTTP VIP. Change the redirects to reflect the HTTP VIP URL:
http://ecr.host.com.qaSo that all traffic flows back to this same VIP.
- Neeraj_Jags_152
YES made changes in existing above iRule that ..
below is the result when two test performed /use1/ and /use2/
for first test-1 >> /use1/ it is being redirected to / as per iRule .
Jul 10 22:24:42 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: /use1/ Jul 10 22:24:42 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 22:24:42 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Catch-1 use1 to use - redirecting Jul 10 22:24:42 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: / Jul 10 22:24:42 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 22:24:42 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : IP match but Default last condition Jul 10 22:25:20 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: /use2/ Jul 10 22:25:20 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 22:25:20 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Catch-2 use2 - no redirect
- Neeraj_Jags_152
Morover. result are different for ie & mozilla. see below first try from id then from mozilla
Jul 10 22:30:39 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: /abcd/ Jul 10 22:30:39 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 22:30:39 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : IP match but Default last condition Jul 10 22:30:51 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: /use1/ Jul 10 22:30:51 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 22:30:51 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Catch-1 use1 to use - redirecting
Jul 10 22:31:16 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: /pqr/ Jul 10 22:31:16 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 22:31:16 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : IP match but Default last condition Jul 10 22:31:23 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: /use1/ Jul 10 22:31:23 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 22:31:23 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Catch-1 use1 to use - redirecting Jul 10 22:31:23 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: / Jul 10 22:31:23 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 22:31:23 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : IP match but Default last condition
- Neeraj_Jags_152correction from ie & mozilla.
- Neeraj_Jags_152
final logs, I tried... ie and mozilla always not same result. first ie and next is from mozilla Jul 10 23:02:04 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: /use1/ Jul 10 23:02:04 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 23:02:04 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Catch-1 use1 to use - redirecting Jul 10 23:02:04 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: /use/ Jul 10 23:02:04 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 23:02:04 tmm1 info tmm1[7009]: Rule /DMS_Prod/test_i_Rule_ECR_2 : IP match but Default last condition
Jul 10 23:02:32 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: /use1/ Jul 10 23:02:32 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 23:02:32 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Catch-1 use1 to use - redirecting Jul 10 23:02:32 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client (176.203.127.247%1701) is requesting: / Jul 10 23:02:32 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : Client IP match Jul 10 23:02:32 tmm info tmm[7008]: Rule /DMS_Prod/test_i_Rule_ECR_2 : IP match but Default last condition
- Neeraj_Jags_152
Now Why I am thinking that http to https forwarding some problem exist in F5. however http to http forwarder is getting logged as expected also in val log ltm.
- Kevin_Stewart
A few things to consider:
-
With the redirects to the https VIP in place, and no similar iRule on the https VIP, that would explain why you're not seeing the second part of the log (for the /use/ condition).
-
There has to be something unusual about your IE browser. Please try the same tests from command line cURL and other browsers. I'm guessing you'll see behavior in each of these that more resembles mozilla.
-
