Forum Discussion
Angelo
Nimbostratus
NimbostratusI-rule persistence
Hi
with a i-rule i know you can add persistence, but how do you add session persistence on a i-rule but also have the source IP in the header of conent..
5 Replies
- nitass
Employee
how do you add session persistence on a i-rule but also have the source IP in the header of conent.sorry i cannot catch you. can you provide an example? 
Angelothe requirement for the site is.. that the source IP address needs to in the headers after logging in. and there needs to be session persistence on the VS as well. because i have IP restrictions and i only have one VS running with a irule to split the site's to there respective pools. i can't add persistence in the VS so i need to add it in the irule for this site...- nitassis it http/https traffic? if so, is x-forwarded-for (http profile) or http::header insert (irule) usable?
sol4816: Using the X-Forwarded-For HTTP header to preserve the original client IP address for traffic translated by a SNAT
http://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html - Angeloit's a https site, x-forwarders is disabled on the http profile. i have a streaming irule for the inserting but the persistence is the problem
when HTTP_REQUEST {
disable stream processing for request traffic
STREAM::disable
s store the client IP address
set client_ip [IP::client_addr]
}
when HTTP_RESPONSE {
if { [HTTP::header Content-Type] equals "text/html" } {
establish the stream expression - here we're just modifying the contents <br /> STREAM::expression "@@ - ($client_ip)@"
enable stream processing
STREAM::enable
}
} - nitasssorry i still do not understand what the problem is. you can control bigip behavior using irule. for example, i want to send traffic to different pool based on uri. anyway, i need x-forwarded-for header and cookie persistence on one pool only. the following is my configuration.
[root@ve10:Active] config b virtual bar list virtual bar { snat automap destination 172.28.19.79:80 ip protocol 6 rules myrule persist cookie profiles { http {} tcp {} } } [root@ve10:Active] config b pool foo1 list pool foo1 { members 200.200.200.101:80 {} } [root@ve10:Active] config b pool foo2 list pool foo2 { members 200.200.200.111:80 {} } [root@ve10:Active] config b rule myrule list rule myrule { when HTTP_REQUEST { switch -glob [string tolower [HTTP::uri]] { "/foo1*" { HTTP::header insert X-Forwarded-For [IP::client_addr] persist cookie pool foo1 } default { persist none pool foo2 } } } } 1st request to /foo1/something on client [root@centos11 ~] curl -I http://172.28.19.79/foo1/something HTTP/1.1 404 Not Found Date: Fri, 26 Oct 2012 08:21:56 GMT Server: Apache/2.2.3 (CentOS) Connection: close Content-Type: text/html; charset=iso-8859-1 Set-Cookie: BIGipServerfoo1=1707657416.20480.0000; path=/ packet trace on bigip [root@ve10:Active] config ssldump -Aed -nni 0.0 port 80 New TCP connection 1: 172.28.20.11(59314) <-> 172.28.19.79(80) 1351238672.9938 (0.0010) C>S --------------------------------------------------------------- HEAD /foo1/something HTTP/1.1 User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.19.79 Accept: */* --------------------------------------------------------------- New TCP connection 2: 200.200.200.10(59314) <-> 200.200.200.101(80) 1351238672.9957 (0.0016) C>S --------------------------------------------------------------- HEAD /foo1/something HTTP/1.1 User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.19.79 Accept: */* X-Forwarded-For: 172.28.20.11 --------------------------------------------------------------- 2nd request too /something on client [root@centos11 ~] curl -I http://172.28.19.79/something HTTP/1.1 404 Not Found Date: Fri, 26 Oct 2012 08:04:34 GMT Server: Apache/2.2.3 (CentOS) Connection: close Content-Type: text/html; charset=iso-8859-1 packet trace on bigip [root@ve10:Active] config ssldump -Aed -nni 0.0 port 80 New TCP connection 1: 172.28.20.11(59315) <-> 172.28.19.79(80) 1351238750.4956 (0.0008) C>S --------------------------------------------------------------- HEAD /something HTTP/1.1 User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.19.79 Accept: */* --------------------------------------------------------------- New TCP connection 2: 200.200.200.10(59315) <-> 200.200.200.111(80) 1351238750.4968 (0.0010) C>S --------------------------------------------------------------- HEAD /something HTTP/1.1 User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5 Host: 172.28.19.79 Accept: */* ---------------------------------------------------------------
