Forum Discussion
LoveNoodles
Altocumulus
Sep 01, 2009
iRule - persistence for URL path
Hi There;
What would be the syntax to create an iRule to apply source address persistence for a particular URL path, specifying a specific timeout setting in the process?
For example:
URL path = http://pstintra/apps/aml/*
Persistence profile = source_addr
Persistence profile source_addr timeout = 2 hours or indefinite.
And if the VIP (pstintra) already has persistence applied as source_addr with a timeout setting of 180 seconds, would the iRule be applied first before it looks at the VIP setting?
Thanks
8 Replies
- hoolio
Cirrostratus
The iRule persist command would take precedence over the VIP's configuration. If you want to do exactly what you've described (persist requests for a specific URI longer than the default VIP profile), you can use an iRule like this:

    when HTTP_REQUEST {
        # Check requested path
        switch -glob [HTTP::path] {
            "/apps/aml/*" {
                # Persist client for 10 hours
                persist source_addr 36000
            }
            default {
                # Persist client for 1 hour
                persist source_addr 3600
            }
        }
    }

I think you'd need to specify the persistence timeout for both matching and non-matching requests as the persistence from the VIP may not be used for subsequent HTTP requests over the same TCP connection. You could test this by making requests over the same TCP connection (one which matches the URI check and one that doesn't) and checking the 'b persist all show all' output. You would want to comment out the second persist command (persist source_addr 3600) while testing this to see if the timeout on the VIP's persistence profile is used.
Also, if a client would typically make a request to /apps/aml and then a later request to a non-"/apps/aml" URI, you would probably still want to keep their persistence timeout set to 10 hours. Else, a client who first requested "/apps/aml" received a 36000 timeout record, requested a non-"/apps/aml" URI and received a 3600 timeout record and then waited more than 3600 seconds to make the next request would no longer get persisted to the same server as when they first requested "/apps/aml". I hope that's clear, but please reply if it's not.
To handle this, you might want to use uie persistence based on the client IP and some token which indicates they're getting a longer timeout:

    when HTTP_REQUEST {
        # Check if there is an existing UIE persistence record
        if {[persist lookup uie "[IP::client_addr]_apps"] ne ""}{
            # Use the existing UIE persistence record regardless of which URI was requested
            persist uie "[IP::client_addr]_apps" 36000
        } else {
            # Check requested path
            switch -glob [HTTP::path] {
                "/apps/aml/*" {
                    # Persist client for 10 hours using client IP _ apps
                    persist uie "[IP::client_addr]_apps" 36000
                }
                default {
                    # Persist client for 1 hour
                    persist source_addr 3600
                }
            }
        }
    }

Aaron
- LoveNoodles
Altocumulus
Hoolio, many many thanks for your reply. I shall test out your suggestions in a test environment and get back to you.
- LoveNoodles
Altocumulus
Hi there; due to the way the application behaves we have decided to implement an insert cookie persistence profile for path /apps/aml/*, leaving the cookie name blank (using the default). Therefore, would the iRule have the following syntax:
persist cookie insert_cookie
instead of:
persist source_addr 3600
And the default syntax would remain the same as you have shown previously.
I have not yet tested under the same TCP connection, but if you could confirm the iRule syntax for the insert cookie method, that would be great and I can then undergo testing.
Many thanks
- hoolio
Cirrostratus
Cookie insert persistence seems like a good solution here as well. You can use this format:
persist cookie insert "cookie_name" 3600
This will trigger the use of a persistence cookie named cookie_name. If you want to use a session cookie that the client should keep for the duration of the browser being open, you can remove the timeout from the end. Else, LTM will set a time-expired cookie valid for one hour.
To test multiple HTTP requests on the same TCP connection manually, you can use nc (netcat) from the command line of LTM itself (nc 1.1.1.1 80) and then type/paste in the HTTP headers you want to send for each request.
Aaron
- LoveNoodles
Altocumulus
Hi Hoolio,
It appears that under the same TCP connection, when browsing to a non-/apps/aml path under the same virtual server, the cookie persistence is still being used, and vice versa: when browsing to an /apps/aml path under the same TCP connection under the same virtual server, source address persistence is being used.
How can I amend the following, which you sent in your earlier reply, to use cookie persistence for path /apps/aml and default source address persistence?
Or will having the virtual server set to cookie adhere to the section before "default", so that the code below does not need to be amended?

    when HTTP_REQUEST {
        # Check if there is an existing UIE persistence record
        if {[persist lookup uie "[IP::client_addr]_apps"] ne ""}{
            # Use the existing UIE persistence record regardless of which URI was requested
            persist uie "[IP::client_addr]_apps" 36000
        } else {
            # Check requested path
            switch -glob [HTTP::path] {
                "/apps/aml/*" {
                    # Persist client for 10 hours using client IP _ apps
                    persist uie "[IP::client_addr]_apps" 36000
                }
                default {
                    # Persist client for 1 hour
                    persist source_addr 3600
                }
            }
        }
    }

- Michael_60932
Nimbostratus
My URL is https://www.abc.com
Does "when HTTP_REQUEST" also work, or is there another event like "when HTTPS_REQUEST"?
Thanks
Michael
- hoolio
Cirrostratus
Hi Michael,
You'd need to import the server cert/key for www.abc.com, add it to a client SSL profile and add that to the HTTPS virtual server in order to inspect or modify the HTTP headers or payload. There aren't HTTPS_* events--just HTTP_* which can be used after the SSL has been decrypted.
Aaron
- Michael_60932
Nimbostratus
Thank you very much Aaron,
Yeah, I set up the SSL profile already.
And I also created an iRule to set up different persistence times (persistence command) based on URL path; now it has been passed to QA for testing.
Hopefully it will work. I appreciate your help!
Otherwise, I may need to bug you again here. :-)
Michael
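
The timeout interaction described in hoolio's first reply (a client that visits /apps/aml, then another URI, then pauses for more than 3600 seconds) can be replayed offline. This is an added example, not code from the thread or from F5: `PersistTable`, the two `rule_*` functions, the client address, the pool members and the request timeline are all constructed, and the table is a simplified model that assumes each `persist` call refreshes the record and replaces its timeout.

```python
import itertools

# Simplified model of a persistence table (an assumption, not F5 code):
# key -> [pool member, idle timeout in seconds, time of last refresh].
class PersistTable:
    def __init__(self):
        self.records = {}

    def lookup(self, key, now):
        rec = self.records.get(key)
        if rec and now - rec[2] <= rec[1]:
            return rec[0]
        self.records.pop(key, None)  # missing or expired
        return None

    def persist(self, key, timeout, now, pick):
        # Reuse the live record's member, else load-balance; the timeout
        # passed on this call replaces whatever the record had before.
        member = self.lookup(key, now) or pick()
        self.records[key] = [member, timeout, now]
        return member

def rule_path_only(table, ip, path, now, pick):
    # First iRule in the thread: timeout chosen by path on every request.
    timeout = 36000 if path.startswith("/apps/aml/") else 3600
    return table.persist(("source_addr", ip), timeout, now, pick)

def rule_uie_token(table, ip, path, now, pick):
    # Second iRule: once the "<ip>_apps" record exists, every path uses it.
    key = ("uie", ip + "_apps")
    if table.lookup(key, now) is not None or path.startswith("/apps/aml/"):
        return table.persist(key, 36000, now, pick)
    return table.persist(("source_addr", ip), 3600, now, pick)

def replay(rule, requests, ip="192.0.2.10"):
    table = PersistTable()
    members = itertools.cycle(["10.0.0.1:80", "10.0.0.2:80"])  # constructed pool
    return [rule(table, ip, path, t, lambda: next(members)) for t, path in requests]

# Constructed timeline (seconds, path): /apps/aml, another URI, then a
# pause of 3700 s (longer than the 3600 s default) before returning.
REQUESTS = [(0, "/apps/aml/start"), (100, "/index.html"), (3800, "/apps/aml/next")]

if __name__ == "__main__":
    for rule in (rule_path_only, rule_uie_token):
        print(rule.__name__, replay(rule, REQUESTS))
```

With the path-only rule the third request lands on a different pool member because the 3600-second record has expired; with the UIE token rule all three requests stay on the same member.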
