For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Jean_42123's avatar
Jean_42123
Icon for Nimbostratus rankNimbostratus
Sep 27, 2010

i-rule not being triggered on a virtual server

Hello Guys, I have the below i-rule that I have defined and I have applied it to the virtual server. Below is the whole configuration l ( including the profile, the i-rule and the virtual server ) but for some reasons the event is not being triggered althought http traffic is reaching the virtual server on port 8080. Can anyone advise if I missed anything. thanks in advance. Your support is really appreciated. 

profile http MMS_TrafficFilter_Profile {
   defaults from http
}


rule MMS_TrafficFilter {
   when HTTP_REQUEST {
     if {[HTTP::host] contains "mmsc.omanmobile.om" } {
        pool NWG_WAP2
        log local0."forwarding_traffic_to_wapgw_pool"
     } elseif { [HTTP::host] contains "192.168.220.8"} {
        pool NWG_WAP2
        log local0."forwarding_traffic_to_wapgw_pool" 
     } else {
        reject
        log local0."discarding_traffic"
  }
}
}


 virtual MMS_WAP2 {
   destination x.x.x.x:webcache
   lasthop pool lasthop_pool
   ip protocol tcp
   profile MMS_TrafficFilter_Profile tcp
   persist NWG_WAP2_Persistence
   pool NWG_WAP2
   rule MMS_TrafficFilter
   vlans external_mobile enable
}
application delivery
dev
devops
iRules

6 Replies

  • Jean_42123's avatar
    Jean_42123
    Icon for Nimbostratus rankNimbostratus
    Sep 27, 2010
    Does it have to do with the TCP profile to be added along with the http profile??
  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Sep 27, 2010
    Do you have an HTTP profile applied? I see the TCP and Persistence profiles but not an HTTP one...
  • Jean_42123's avatar
    Jean_42123
    Icon for Nimbostratus rankNimbostratus
    Sep 27, 2010
    Hi Chris,

    yes I have defined the HTTP profile and it's applied to the virtual server. 

    
profile http MMS_TrafficFilter_Profile {
   defaults from http
}
  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Sep 27, 2010
    And you aren't seeing any log entries at all? The connection count for this VS is incrementing, right?
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Sep 27, 2010
    MMS_TrafficFilter_Profile is the HTTP profile. If there wasn't an HTTP profile added to the VS, you'd get an error when trying to add the iRule to the VS.

     

     

    As you have an else case, something should be logged for every HTTP request to the virtual server. If you don't see anything logged for requests, I'd guess that requests might be coming in on a VLAN which the VS isn't enabled on. Can you try curling the VS directly from the command line of the LTM? You can use something like:

     

     

    curl -v http://1.2.3.4:8080/ -H "Host: 192.168.220.8"

     

     

    This will send an HTTP request to the VS on 1.2.3.4 port 8080 with the HTTP host header set to the IP address 192.168.220.8.

     

     

    Also, when you say that requests make it to the VS, but nothing is logged, how are you determining this? Are you checking /var/log/ltm and the VS stats or a tcpdump?

     

     

    Aaron
  • Jean_42123's avatar
    Jean_42123
    Icon for Nimbostratus rankNimbostratus
    Sep 28, 2010
    Hi Aaron,

     

     

    Actually, we are capturing the traffic using tcpdump that's how we are assuming that the traffic is reaching the VS and being forwarded to the pool.

     

     

    we will try the above curl command and get back to you.

     

     

    thanks.