Forum Discussion
Nimbostratushttpclass vs irule uri priorities
Howdy,
I've a rule which is blocking or permitting access to certain URI's by means of a starts_with match. I can match "/testuri" against the request uri, e.g. /testuri/example and then reject the connection. This in itself is working well.
Seperately to this, I have an httpclass which redirects / to /home.
I was trying to set up my rule so that I would block / (i.e. every url by default) and then allow /testuri as a specfiic location underneath that. This again works fine, however the logic clashes with the redirect from / to /home.
Basically, the reject in the filtering irule is executed before the httpclass is processed, so as much as I can permit /home I can't perform the redirect to send the user there, meaning I can't use a default deny logic in my rule.
Is there any way to make the httpclass redirect happen before the iRule?
Frustraingly I recently replaced an iRule which was doing this / to /home redirect with an httpclass in order ot make the config more standard and readable, but as the processing is happening in a different stage in the process, I *seem* to be in a worse position now, as befhorehand I could just set a higher priority on one of the rules to execute the redirect before the block..
Thanks
Chris
5 Replies
What_Lies_Bene1Cirrostratus
I don't think you're able to change the execution order for anything really (other than between iRules as you mention). I think your only route here is to do it all in an iRule I'm afraid.- Joshua_106551What are others doing that would be in this same situation? Has anyone found a workaround?
- nitass
Employee
I was trying to set up my rule so that I would block / (i.e. every url by default) and then allow /testuri as a specfiic location underneath that. This again works fine, however the logic clashes with the redirect from / to /home.doesn't it work? did i miss something?
e.g.[root@ve10:Active] config b virtual bar list virtual bar { snat automap pool foo destination 172.28.19.252:80 ip protocol 6 rules myrule httpclass myhttpclass profiles { http {} tcp {} } } [root@ve10:Active] config b profile myhttpclass list profile httpclass myhttpclass { defaults from httpclass pool none redirect "http://[HTTP::host]/home" paths "/" } [root@ve10:Active] config b rule myrule list rule myrule { when HTTP_REQUEST { switch -glob [string tolower [HTTP::path]] { "/testuri*" { } default { reject } } } } [root@ve10:Active] config curl -I http://172.28.19.252 HTTP/1.0 302 Found Location: http://172.28.19.252/home Connection: Keep-Alive Content-Length: 0 [root@ve10:Active] config curl -I http://172.28.19.252/home curl: (52) Empty reply from server [root@ve10:Active] config curl -I http://172.28.19.252/testuri/index.html HTTP/1.1 200 OK Date: Sun, 10 Feb 2013 07:43:28 GMT Server: Apache/2.2.3 (CentOS) Last-Modified: Sun, 10 Feb 2013 07:30:55 GMT ETag: "46801b-59-c5d949c0" Accept-Ranges: bytes Content-Length: 89 Content-Type: text/html; charset=UTF-8 
JnonI have not used the class much - since moving to 10.x - are the advantages behind the class, better performance or ??- nitassI have not used the class much - since moving to 10.x - are the advantages behind the class, better performance or ?? you mean httpclass, don't you?
i do not have any reference but i think it is. also, it is easier to configure and manage for a person who is not familiar with irule. anyway, irule is prefered for complexity requirement.
