Forum Discussion
breasoner_11658
Nimbostratus
Mar 02, 2012Inserting WL-Proxy-SSL header via iRule
Hello -
I have an application that is a bit strange in the sense that certain pages require the "WL-Proxy-SSL: true" request header to display all elements on the page via SSL, but other pages on the site won't load with that header inserted. I am able to selectively remove the request header for the elements that won't use it, but there are about 25 of them as opposed to 4 elements that need the header. I have read everything that I can find regarding the HTTP::header insert string, but it just doesn't work for me. I'm running BIG-IP version 10.2.0 HF2. According to everything I've read, this should work! What am I missing?
Below is an excerpt of the current iRule:
Portal context
set portal_uri "/portal"
Layouts context
set layouts_uri "/_layouts"
Set Header information
set WLheader "WL-Proxy-SSL"
set WLheaderVal "true"
Retrieve the list of pools from the data group list
set clientPoolList [ findclass $host $DATA_GROUP_LIST " " ]
Route requests to Portal.
if { $uri starts_with $portal_uri }{
HTTP::header insert $WLheader $WLheaderVal
Identify the Portal pool
set portal_pool [getfield $clientPoolList " " 3]
log local0.notice "Forwarding to Portal pool: $portal_pool. Uri: $uri"
pool $portal_pool
return
} elseif { $uri starts_with $layouts_uri }{
HTTP::header insert $WLheader $WLheaderVal
log local0. "Inserting $WLheader: [HTTP::header value $WLheader]"
Identify the Portal pool
set portal_pool [getfield $clientPoolList " " 3]
log local0.notice "Forwarding to Portal pool: $portal_pool. Uri: $uri"
pool $portal_pool
return
15 Replies
- What exactly isn't working? Is the header not getting inserted or is the pool assignment not working sending it to your specified pool? The code looks good but I can't tell if the logic is correct since I don't know the contents of the DATA_GROUP_LIST data group, nor the URI's that you are testing.
- breasoner_11658
Nimbostratus
The traffic is getting directed to the pool correctly, but the header isn't getting inserted.
- hoolio
Cirrostratus
Can you post the full iRule and logs from a failure? Feel free to anonymize both if they contain sensitive info. - Also, odds are that the log statement
- hoolio
Cirrostratus
I don't think values for HTTP::header are cached:when HTTP_REQUEST { log local0. "\[HTTP::header my_header\] pre: [HTTP::header my_header]" HTTP::header insert my_header my_value log local0. "\[HTTP::header my_header\] post: [HTTP::header my_header]" }
- breasoner_11658
Nimbostratus
Sorry - Code tags not working for me - trying again... - Looks to me like the header is getting inserted. How are you testing it on your backend server to verify that it's not making it there?
- breasoner_11658
Nimbostratus
Nothing that sensitive in the iRule, here's the full text.when HTTP_REQUEST { The Wfm3g Datagroup List set DATA_GROUP_LIST QA-Multiple-Portal Get the request Host set host [HTTP::host] Get the URI set uri [string tolower [HTTP::uri]] The Wfm3g session cookie name set wfm3g_cookie_name "JSESSIONID" The Jasper Server session cookie name set jasper_cookie_name "JASPERSESSIONID" The JasperServer web context set jasperreports_uri "/jasperserver-pro" The JasperServer is down URL set jasperisdownurl "/ute/jsp/reportingServerUnavailable.jsp" The default JasperServer Pool name. Used if one is not specified in the data group list for the client. set DEFAULT_JASPER_POOL "Default-Jasper-Pool" 3G wfm context set wfm3g_wfm_uri "/wfm" Script Resource context set scriptresource_uri "/scriptresource.axd" Web Resource context set webresource_uri "/webresource.axd" Portal context set portal_uri "/portal" set DEFAULT_PORTAL_POOL "Portal-PMQA-Pool" Layouts context set layouts_uri "/_layouts" Set Header information set WLheader "WL-Proxy-SSL" set WLheaderVal "true" Retrieve the list of pools from the data group list set clientPoolList [ findclass $host $DATA_GROUP_LIST " " ] Route requests to Portal. if { $uri starts_with $portal_uri }{ HTTP::header insert $WLheader $WLheaderVal Identify the Portal pool set portal_pool [getfield $clientPoolList " " 3] log local0.notice "Forwarding to Portal pool: $portal_pool. Uri: $uri" pool $portal_pool return } elseif { $uri starts_with $layouts_uri }{ HTTP::header insert $WLheader $WLheaderVal log local0. "Inserting $WLheader: [HTTP::header value $WLheader]" Identify the Portal pool set portal_pool [getfield $clientPoolList " " 3] log local0.notice "Forwarding to Portal pool: $portal_pool. Uri: $uri" pool $portal_pool return } elseif { $uri starts_with $scriptresource_uri }{ HTTP::header insert $WLheader $WLheaderVal Identify the Portal pool set portal_pool [getfield $clientPoolList " " 3] log local0.notice "Forwarding to Portal pool: $portal_pool. Uri: $uri" pool $portal_pool return } elseif { $uri starts_with $webresource_uri }{ HTTP::header insert $WLheader $WLheaderVal Identify the Portal pool set portal_pool [getfield $clientPoolList " " 3] log local0.notice "Forwarding to Portal pool: $portal_pool. Uri: $uri" pool $portal_pool return Route requests to Jasper. } elseif { $uri starts_with $jasperreports_uri }{ Identify the Jasper pool set jasper_pool [getfield $clientPoolList " " 2] If Jasper pool is not explicitly set for the client, use default if { $jasper_pool eq "" }{ set jasper_pool $DEFAULT_JASPER_POOL } Make sure there is at least one Jasper server running if { [active_members $jasper_pool] < 1 } { HTTP::redirect $jasperisdownurl } else { log local0.notice "Forwarding to Jasper Report pool: $jasper_pool. Uri: $uri" pool $jasper_pool return } Route WFM requests to 3G Pool } elseif { $uri starts_with $wfm3g_wfm_uri }{ set wfm3g_pool [getfield $clientPoolList " " 1] log local0.notice "Forwarding to WFM3G pool: $wfm3g_pool. Uri: $uri" pool $wfm3g_pool return } elseif { $uri equals "/" }{ HTTP::uri "/wfm" set wfm3g_pool [getfield $clientPoolList " " 1] log local0.notice "BLANK URI - Forwarding to WFM3G pool: $wfm3g_pool. Uri: $uri" pool $wfm3g_pool return } else { Identify the 3G pool set wfm3g_pool [getfield $clientPoolList " " 1] foreach header {WL-Proxy-SSL} { log local0. "Removing $header: [HTTP::header value $header]" HTTP::header remove $header log local0.notice "Forwarding to WFM3G pool: $wfm3g_pool. Uri: $uri" pool $wfm3g_pool return } } } when HTTP_RESPONSE { Secure the outbound Wfm3g cookie. if { [HTTP::cookie exists $wfm3g_cookie_name] } { HTTP::cookie secure $wfm3g_cookie_name enable } Secure the outbound JasperServer cookie. if { [HTTP::cookie exists $jasper_cookie_name] } { HTTP::cookie secure $jasper_cookie_name enable } }
Mar 2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : ============================================= Mar 2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : Client -> Mar 2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : Accept: */* Mar 2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : Referer: https:// Mar 2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : Accept-Language: en-US Mar 2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; Tablet PC 2.0; .NET4.0C; .NET4.0E; .NET CLR 1.1.4322; MS-RTC LM 8; InfoPath.3) Mar 2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : Accept-Encoding: gzip, deflate Mar 2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : Host: Mar 2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : Connection: Keep-Alive Mar 2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : Cookie: JSESSIONID=8mnLPQ1F6hWCs5JL2jqx1pt9FGbBnhRz9p5v2LXNH2yS3KnlhvCn!-721761555 Mar 2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : WL-Proxy-SSL: true Mar 2 11:30:41 local/tmm1 info tmm1[5151]: Rule HeaderLogger : =============================================
Mar 2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : ============================================= Mar 2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : Client (request) Mar 2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : Host: Mar 2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0.2) Gecko/20100101 Firefox/10.0.2 Mar 2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Mar 2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : Accept-Language: en-us,en;q=0.5 Mar 2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : Accept-Encoding: gzip, deflate Mar 2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : Connection: keep-alive Mar 2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : Cookie: JSESSIONID=wrbfPRQFpZVfJ2x1P78LfnLwyBy9chTyxyNpPLshVDhVNwyY0K0v!-721761555 Mar 2 13:23:02 local/tmm info tmm[5150]: Rule HeaderLogger : =============================================
- breasoner_11658
Nimbostratus
One more try at the iRule text. Am I adding too much info at once?when HTTP_REQUEST { The Wfm3g Datagroup List set DATA_GROUP_LIST QA-Multiple-Portal Get the request Host set host [HTTP::host] Get the URI set uri [string tolower [HTTP::uri]] The Wfm3g session cookie name set wfm3g_cookie_name "JSESSIONID" The Jasper Server session cookie name set jasper_cookie_name "JASPERSESSIONID" The JasperServer web context set jasperreports_uri "/jasperserver-pro" The JasperServer is down URL set jasperisdownurl "/ute/jsp/reportingServerUnavailable.jsp" The default JasperServer Pool name. Used if one is not specified in the data group list for the client. set DEFAULT_JASPER_POOL "Default-Jasper-Pool" 3G wfm context set wfm3g_wfm_uri "/wfm" Script Resource context set scriptresource_uri "/scriptresource.axd" Web Resource context set webresource_uri "/webresource.axd" Portal context set portal_uri "/portal" set DEFAULT_PORTAL_POOL "Portal-PMQA-Pool" Layouts context set layouts_uri "/_layouts" Set Header information set WLheader "WL-Proxy-SSL" set WLheaderVal "true" Retrieve the list of pools from the data group list set clientPoolList [ findclass $host $DATA_GROUP_LIST " " ] Route requests to Portal. if { $uri starts_with $portal_uri }{ HTTP::header insert $WLheader $WLheaderVal Identify the Portal pool set portal_pool [getfield $clientPoolList " " 3] log local0.notice "Forwarding to Portal pool: $portal_pool. Uri: $uri" pool $portal_pool return } elseif { $uri starts_with $layouts_uri }{ HTTP::header insert $WLheader $WLheaderVal log local0. "Inserting $WLheader: [HTTP::header value $WLheader]" Identify the Portal pool set portal_pool [getfield $clientPoolList " " 3] log local0.notice "Forwarding to Portal pool: $portal_pool. Uri: $uri" pool $portal_pool return } elseif { $uri starts_with $scriptresource_uri }{ HTTP::header insert $WLheader $WLheaderVal Identify the Portal pool set portal_pool [getfield $clientPoolList " " 3] log local0.notice "Forwarding to Portal pool: $portal_pool. Uri: $uri" pool $portal_pool return } elseif { $uri starts_with $webresource_uri }{ HTTP::header insert $WLheader $WLheaderVal Identify the Portal pool set portal_pool [getfield $clientPoolList " " 3] log local0.notice "Forwarding to Portal pool: $portal_pool. Uri: $uri" pool $portal_pool return Route requests to Jasper. } elseif { $uri starts_with $jasperreports_uri }{ Identify the Jasper pool set jasper_pool [getfield $clientPoolList " " 2] If Jasper pool is not explicitly set for the client, use default if { $jasper_pool eq "" }{ set jasper_pool $DEFAULT_JASPER_POOL } Make sure there is at least one Jasper server running if { [active_members $jasper_pool] < 1 } { HTTP::redirect $jasperisdownurl } else { log local0.notice "Forwarding to Jasper Report pool: $jasper_pool. Uri: $uri" pool $jasper_pool return } Route WFM requests to 3G Pool } elseif { $uri starts_with $wfm3g_wfm_uri }{ set wfm3g_pool [getfield $clientPoolList " " 1] log local0.notice "Forwarding to WFM3G pool: $wfm3g_pool. Uri: $uri" pool $wfm3g_pool return } elseif { $uri equals "/" }{ HTTP::uri "/wfm" set wfm3g_pool [getfield $clientPoolList " " 1] log local0.notice "BLANK URI - Forwarding to WFM3G pool: $wfm3g_pool. Uri: $uri" pool $wfm3g_pool return } else { Identify the 3G pool set wfm3g_pool [getfield $clientPoolList " " 1] foreach header {WL-Proxy-SSL} { log local0. "Removing $header: [HTTP::header value $header]" HTTP::header remove $header log local0.notice "Forwarding to WFM3G pool: $wfm3g_pool. Uri: $uri" pool $wfm3g_pool return } } } when HTTP_RESPONSE { Secure the outbound Wfm3g cookie. if { [HTTP::cookie exists $wfm3g_cookie_name] } { HTTP::cookie secure $wfm3g_cookie_name enable } Secure the outbound JasperServer cookie. if { [HTTP::cookie exists $jasper_cookie_name] } { HTTP::cookie secure $jasper_cookie_name enable } }
- hoolio
Cirrostratus
Am I adding too much info at once?
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects