For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Angelo's avatar
Angelo
Icon for Nimbostratus rankNimbostratus
Oct 26, 2012

I-rule persistence

Hi     with a i-rule i know you can add persistence, but how do you add session persistence on a i-rule but also have the source IP in the header of conent..  
application delivery
dev
devops
iRules
nitass's avatar
nitass
Icon for Employee rankEmployee
Oct 26, 2012
sorry i still do not understand what the problem is. you can control bigip behavior using irule. for example, i want to send traffic to different pool based on uri. anyway, i need x-forwarded-for header and cookie persistence on one pool only. the following is my configuration. 

[root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
   persist cookie
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b pool foo1 list
pool foo1 {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config  b pool foo2 list
pool foo2 {
   members 200.200.200.111:80 {}
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST {
   switch -glob [string tolower [HTTP::uri]] {
      "/foo1*" {
         HTTP::header insert X-Forwarded-For [IP::client_addr]
         persist cookie
         pool foo1
      }
      default {
         persist none
         pool foo2
      }
   }
}
}

 1st request to /foo1/something
 on client

[root@centos11 ~] curl -I http://172.28.19.79/foo1/something
HTTP/1.1 404 Not Found
Date: Fri, 26 Oct 2012 08:21:56 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: BIGipServerfoo1=1707657416.20480.0000; path=/

 packet trace on bigip

[root@ve10:Active] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.20.11(59314) <-> 172.28.19.79(80)
1351238672.9938 (0.0010)  C>S
---------------------------------------------------------------
HEAD /foo1/something HTTP/1.1
User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.79
Accept: */*

---------------------------------------------------------------

New TCP connection 2: 200.200.200.10(59314) <-> 200.200.200.101(80)
1351238672.9957 (0.0016)  C>S
---------------------------------------------------------------
HEAD /foo1/something HTTP/1.1
User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.79
Accept: */*
X-Forwarded-For: 172.28.20.11

---------------------------------------------------------------

 2nd request too /something
 on client

[root@centos11 ~] curl -I http://172.28.19.79/something
HTTP/1.1 404 Not Found
Date: Fri, 26 Oct 2012 08:04:34 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: text/html; charset=iso-8859-1

 packet trace on bigip

[root@ve10:Active] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.20.11(59315) <-> 172.28.19.79(80)
1351238750.4956 (0.0008)  C>S
---------------------------------------------------------------
HEAD /something HTTP/1.1
User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.79
Accept: */*

---------------------------------------------------------------

New TCP connection 2: 200.200.200.10(59315) <-> 200.200.200.111(80)
1351238750.4968 (0.0010)  C>S
---------------------------------------------------------------
HEAD /something HTTP/1.1
User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.79
Accept: */*

---------------------------------------------------------------