Forum Discussion
AjayPra_161698
Nimbostratus
NimbostratusHttp traffic redirection with irule
Scenario: Nodes:Node1,Node2,Node3
Pool1:Node1,Node2
Pool2:Node3
Virtual Server:ABC
VIP 1.1.1.1
Port any
irule on VS
when HTTP_REQUEST {
set uagent [string tolower [HTTP::header User-Agent]]
if { $uagent contains "msie6" or $uagent contains "msie7" or $uagent contains "msie8" or $uagent contains "mozilla/4.0"}{
pool pool1
} else {
pool pool2
} }
With this configuration does the https traffic to VS will be affected by irule or just the http traffic
6 Replies
Michael_JenkinsCirrostratus
Yes. The iRule will affect all http traffic (http and https both). I would also suggest changing your
to aif
statement, since it's a little cleaner, especially if you plan to add more options in the future. (Just a thought)switchwhen HTTP_REQUEST { switch -glob -- [string tolower [HTTP::header value User-Agent]] { "*msie6*" - "*msie7*" - "*msie8*" - "*mozilla/4.0*" { pool pool1 default { pool pool2 } } }- Michael_Jenkins
The comments don't format links and stuff the same as 'answers', so I'll answer your question like this.
Here are a couple links to API documentation for how to do HTTP actions within an iRule:
- HTTP command, which lets you do a lot of stuff
- HTTP::header command, for managing headers themselves
natheCirrocumulus
not sure this will work with your VS configuration for https traffic. You need a clientssl profile to decrypt the ssl traffic so the bigip can read the http data (headers etc.). But if you add a clientssl profile then port 80 traffic won't work. N
AjayPra_161698Hi nathan, Thanks for your comment. I am not doing any ssl offloading on LTM.
Kleython_Kell_5Ajaypra,
then, did you test? the irule works on https traffic?
- nitass
Employee
it should but you have to do ssl offloading. without ssl offloading, bigip can't see http header (because it is encrypted).
