For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ajit_Mohan_2587's avatar
Ajit_Mohan_2587
Icon for Nimbostratus rankNimbostratus
Mar 08, 2011

https redirect - maintenance page

Hello Everyone,

 

 

I am new to irules so I need some help.

 

We have a HTTPS Virtual Server configured on the LTM with four web servers in the pool. The certificate is installed on the F5 (SSL Client profile). We have a requirement to redirect users to a maintenance page when all the web servers are down (web servers are monitored using a monitor at the pool level). I was looking at irules to accomplish this.

 

Looking around the forum's I found a link to an irule " http://devcentral.f5.com/wiki/default.aspx/iRules/HTTPS_passthrough_fallback_URL.html" which is exactly what I am trying to achieve

 

 

To test it, I applied the irule to the Virtual server and manually disabled all the servers in the pool. As expected the web requests were redirected to the maintenance website. However when I enabled one of the web servers and tried to access the website it does not come up, it just shows me a blank screen with a status saying its trying to connect...

 

 

Am i missing something?

 

 

Any help is greatly appreciated

 

 

Thanks.

 

config
design

5 Replies

  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Mar 08, 2011
    That rule appears to let the pool members do the decryption unless they're down in which case LTM will do the decryption and then send the user to the maintenance page.

     

     

    It sounds like you're simply trying to redirect users to the maint page if the pool members are down. Is that correct?
  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Mar 08, 2011
    How about something like this? 

    
when HTTP_REQUEST {
    if {  [active_members poolx] < 1 } {
         HTTP::redirect "http://www.example.com/maintenance.html" }
    }

    Otherwise, you could use the "Fallback Host" option from an HTTP Profile. That's usually the easiest option.
  • Ajit_Mohan_2587's avatar
    Ajit_Mohan_2587
    Icon for Nimbostratus rankNimbostratus
    Mar 08, 2011
    Thanks Cris, Yes I realised it later that the iRule was passing SSL thru to the nodes. I am using the below irule now, which seems to work fine

     

     

    when HTTP_REQUEST {

     

     

    if { [active_members [LB::server pool]] <1 } {

     

     

    HTTP::redirect "http://maintenance.page.com"

     

    TCP::close

     

    }

     

    }

     

     

     

     

     

     

     

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Mar 08, 2011
    That iRule was designed to only decrypt the SSL if no pool members were available. To get the functionality you're looking for, you should be able to use the fallback host field on an HTTP profile without an iRule.

     

     

    Aaron