HTTP::URI redirect to another Pool

You could add logging to see exactly what's happening. You can also use a switch statement if you plan on adding more cases to the iRule:

when HTTP_REQUEST {
   log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::method] request to [HTTP::host][HTTP::uri]"
   switch -glob [HTTP::uri] {
      "*content1" {
         pool content_pool_1
         log local0. "[IP::client_addr]:[TCP::client_port]: matched content1. Pool: [LB::server]"
      }
      "/abc*" {
         pool abc_servers
         log local0. "[IP::client_addr]:[TCP::client_port]: matched abc. Pool: [LB::server]"
      }
      default {
         log local0. "[IP::client_addr]:[TCP::client_port]: default. Pool: [LB::server]"
         log local0. "No match"
      }
   }
}
when SERVER_CONNECTED {
    Debug logging only. Remove this event once done testing
   log local0. "[IP::client_addr]:[TCP::client_port]: server: [LB::server], [IP::server_addr]:[TCP::server_port]"
}

You'll probably want to add a OneConnect profile to the VS any iRule that selects a pool only in some cases to ensure that a load balancing decision is honored for each HTTP request instead of once per clientside TCP connect. If you're using SNAT you can use the default 0.0.0.0 source mask OneConnect profile. If you're not using SNAT, you should create a custom 255.255.255.255 source mask OneConnect profile to keep the source IP address accurate on serverside connections. See these OneConnect articles for details:

http://devcentral.f5.com/wiki/default.aspx/AdvDesignConfig/oneconnect.html

http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=114

Aaron

Thanks Hoolio...

 

 

can you confirm that I'm going about this correctly in terms of the configs (prior to the irule, as that seem to really be the simple part...)

 

 

Original Config:

 

 

Virtual Server - VIP (.5)

 

Content_Pool_2

 

Node 1 (.10)

 

Node 2 (.11)

 

 

simple iRule resource to redirect HTTP >> HTTPS

 

 

when HTTP_REQUEST {

 

HTTP::redirect https://[HTTP::host][HTTP::uri]

 

}

 

 

 

result is a request to HTTP://x.x.x.5 gets switched to HTTPS:// and routed to either Node 1 or Node 2 based on least connections.

 

 

New Config (no virtual server assignment or association):

 

Content_Pool_1

 

Node 1 (.13)

 

 

result is a request to HTTP://x.x.x.5 gets switched to HTTPS:// and routed to either Node 1 or Node 2 based on least connections, and a request to HTTP://x.x.x.5/content1 gets switched to HTTPS:// and routed to Node 3

 

 

This is the New iRule:

 

 

when HTTP_REQUEST {

 

if { [HTTP::uri] ends_with "content1" } {

 

pool content_pool_1}

 

 

HTTP::redirect https://[HTTP::host][HTTP::uri]

 

}

 

 

What your wanting can be done several ways.

result is a request to HTTP://x.x.x.5" target="_blank" rel="nofollow">HTTP://x.x.x.5 gets switched to HTTPS:// and routed to either Node 1 or Node 2 based on least connections.

A Simple HTTP to HTTPS Redirect can be done using the iRule below (Placed this iRule on your Port 80 Virtual Server). The Routing to Node1 or Node2 won't happen because what your doing is a full 302 Redirect from HTTP to HTTPS.

when HTTP_REQUEST {
  HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
}

This iRule can be placed on either your Port 80 or 443 Virtual Server. When applied to your Port 80 Virtual Server it will 302 Redirect to your Port 443 Virtual Server (again, no node specification because it is a redirect). When applied to your Port 443 Virtual Server, it will override the Virtual Server Pool Setting and send traffic to a specified Server Pool.

 
when HTTP_REQUEST {
if {[TCP::local_port] == 80 } {
HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
}
elseif {[TCP::local_port] == 443 } {
pool Content_Pool_1
}
}

I think Michael's suggestion of one HTTP VS with the redirect of all requests to HTTPS and then a separate HTTPS VS with a separate pool switching iRule, will be the simplest to configure and administer.

 

 

Aaron

Well There's yer problem!

I wasn't aware that iRules are case-sensitive...

I took Michael's advice of using 2 rules to make this happen:

On the HTTP virtual server:

when HTTP_REQUEST {
HTTP::redirect https://[HTTP::host][HTTP::uri]
}

And on the HTTPS virtual server:

when HTTP_REQUEST {
  if { ([HTTP::uri] starts_with "/Content")} {
     pool Content_Pool
  } 
}

However, I was still getting 404 errors in the browser when trying to hit https://www.website.com/content

On a fluke, I typed in https://www.website.com/Contentand everything worked as expected.

Thanks everyone for your help.

New issue though... I noticed while troubleshooting that the Client-IP that shows up in the IIS logs of any of the nodes (pool 1 or 2), is the IP of the LTM, not that of my actual desktop client.

Is there somewhere I need to tweak in the LTM config to pass along the original/real Client-IP rather than that of the device?

thanks!

If the pool members have a route back to the client through LTM, you can avoid using SNAT and LTM won't translate the source IP to its own address on serverside connections. If the pool members don't have LTM as their default gateway or the clients are on the same subnet as the pool members, you'll need to use SNAT. The simplest way to enable SNAT is to set SNAT to automap on the virtual server.

 

 

For HTTP or LTM decrypted HTTPS, you can insert a custom X-Forwarded-For header which the web application can read. SeeSOL4816 for details on this:

 

 

SOL4816: Using the X-Forwarded-For HTTP header to preserve the original client IP address for traffic translated by a SNAT

 

https://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html

 

 

Aaron

I need to create an iRule for an F5 build where the pool members are listening on a custom port (9200) for a VIP configured on port 80 that will load balance a web interface. Basically the intention is to redirect the HTTP request to one of the pool members on the custom port, and append a string of characters such as "/psp/maps/local" with the redirect to access a particular resource on the web interface.

 

 

Below is a sample work in progress, which is syntactically incorrect to demonstrate what I intend to achieve.

 

 

when HTTP_REQUEST {

 

if { [HTTP::path] equals "/" } {

 

pool pool_9200

 

HTTP::redirect [HTTP::host][HTTP::uri] "/psp/maps/local"

 

}

 

}

 

 

For obvious reasons "[HTTP::host][HTTP::uri]" cannot work, because the pool members are not listening on Port 80.

 

 

Any feedback will be highly appreciated.

 

 

Thanks!

are you looking for rewriting or redirection?

What Is the Difference Between URL Rewrite and Redirect?

http://computer.yourdictionary.com/articles/what-is-the-difference-between-url-rewrite-and-redirect.html

this is an example of rewriting.

[root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:9200 {}
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST {
   if { [HTTP::path] equals "/" } {
      pool foo
      HTTP::uri "/psp/maps/local"
   }
}
}

[root@ve10:Active] config  ssldump -Aed -nni 0.0 port 80 or port 9200
New TCP connection 1: 172.28.20.11(59720) <-> 172.28.19.79(80)
1351654379.4628 (0.0012)  C>S
---------------------------------------------------------------
HEAD / HTTP/1.1
User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.79
Accept: */*

---------------------------------------------------------------

New TCP connection 2: 200.200.200.10(59720) <-> 200.200.200.101(9200)
1351654379.4648 (0.0018)  C>S
---------------------------------------------------------------
HEAD /psp/maps/local HTTP/1.1
User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.79
Accept: */*

---------------------------------------------------------------

Suppose if I have "www.suppose.com" behind an F5 with two web servers (192.168.1.1 & 192.168.1.2) listening on port 9200. I want an iRule that will append "/psp/rewrite/redirection" to either pool members it intends to send load balance instance to "http://192.168.1.1:9200" or "http://192.168.1.2:9200" to get "http://192.168.1.1:9200/psp/rewrite/redirection" or http://192.168.1.2:9200/psp/rewrite/redirection , so that load balancing can be done for www.suppose.com/psp/rewrite/redirection without reserving separate VIP/DNS entries.

 

 

In other words both "http://192.168.1.1:9200" and "http://192.168.1.2:9200" should lead to www.suppose.com/psp/rewrite/redirection by appending aforementioned string to the URL or redirect (not sure). So

 

 

"http://192.168.1.1:9200" append aforementioned string to get "http://192.168.1.1:9200/psp/rewrite/redirection" => www.suppose.com/psp/rewrite/redirection

 

 

 

Or

 

"http://192.168.1.2:9200" append aforementioned string to get "http://192.168.1.2:9200/psp/rewrite/redirection" => www.suppose.com/psp/rewrite/redirection

 

 

 

r_dynamo

 

 

Did you try the iRule that nitass has given you?

 

Is it not working? What happens when you test sending your request through it?

 

 

 

Thanks,

 

Mohamed.