Forum Discussion
iRule assistance
Looks like this is the iRule you require. The condition sequence can be changed based on preference.

    when HTTP_REQUEST {
        if { !([class match [HTTP::uri] contains api_string]) } {
            discard
            log local0. "connection DISCARDED from [IP::client_addr]"
        } elseif { [HTTP::path] starts_with "/resources/" } {
            pool pool_atldevngn
        } else {
            pool pool_atlapipool1
        }
    }

- Michael_Saleem1 (Cirrus), Feb 28, 2019
Do you want all requests going to /resources/ to be allowed and sent to pool pool_atldevngn even if the URI does NOT contain one of the values in the data group api_string? If so, the following might work also:
1) Checks if the URI contains one of the values in data group api_string. If it DOES, then send the request to pool pool_atlapipool1. If it does NOT, then:
2) Check if the path starts with /resources/. If it does, send the request to pool pool_atldevngn. If not, discard (drop) the request.

    when HTTP_REQUEST {
        if { !([class match [HTTP::uri] contains api_string]) } {
            if { [HTTP::path] starts_with "/resources/" } {
                pool pool_atldevngn
            } else {
                discard
                log local0. "connection DISCARDED from [IP::client_addr]"
            }
        } else {
            pool pool_atlapipool1
        }
    }

- ccraddock_33000 (Nimbostratus), Feb 28, 2019
I truly appreciate all the comments and feedback on this post. I think I may have figured it out. Could you check the logic on this iRule and let me know if you see any conflicts? Thanks.

    when HTTP_REQUEST {
        if { [HTTP::path] starts_with "/resources/" } {
            pool pool_atldevngn
        } elseif { !([class match [HTTP::uri] contains api_string]) } {
            discard
            log local0. "connection DISCARDED from [IP::client_addr]"
        } else {
            pool pool_atlapipool1
        }
    }

- Michael_Saleem1 (Cirrus), Feb 28, 2019
You're most welcome; that's what this community is here for! :-D
I think there is a conflict with your latest iRule (I may be wrong).
Let's say an HTTP request comes in for: http://www.example.com/resources/
My thinking is that the first if statement will evaluate as true so the F5 will select the pool pool_atldevngn. However, the F5 will not stop there and will continue to process the elseif statement, which will also evaluate as true (assuming that there is no match against data group api_string). The request will therefore be discarded.
Anyone else agree/disagree?
- ccraddock_33000 (Nimbostratus), Feb 28, 2019
I was under the impression that if a connection came in with "/resources/" that it would evaluate as true and the traffic would be sent to the pool pool_atldevngn and all evaluation would stop after that. What would be the point of continuing once the first if statement evaluated to true? Typically an "else" or "elseif" statement isn't reached unless the first "if" statement is evaluated as false. It could be different for the iRule though, so I'm not sure.
- Michael_Saleem1 (Cirrus), Feb 28, 2019
I think you’re totally right (should have had my coffee).
In an if/elseif/else branch only the first matching conditional statement that is true will be executed.
If it was an if/if branch that’s where all branches get executed.
Have you had a chance to test the iRule to see if it works as expected?
- ccraddock_33000 (Nimbostratus), Feb 28, 2019
Michael,
Thanks a lot for all your input. I have not had a chance to test it but will very soon. I will report back with the results.
Thanks again everyone.
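
An added example, not code from any poster in this thread: a Python model of the three iRules above, run over constructed requests to show where the three condition orderings route differently. The contents of the api_string data group are not given in the thread, so `API_STRINGS` and the sample URIs are assumed values.

```python
# Model of the three iRules in this thread (added example, not F5 code).
# API_STRINGS stands in for the api_string data group; the thread does not
# list its entries, so these values are constructed.
API_STRINGS = ("/api/", "/v1/orders")
DISCARD, DEV, API = "discard", "pool_atldevngn", "pool_atlapipool1"

def api_match(uri):
    # [class match [HTTP::uri] contains api_string]: URI includes the query string
    return any(entry in uri for entry in API_STRINGS)

def path_of(uri):
    # [HTTP::path]: the URI without its query string
    return uri.split("?", 1)[0]

def rule_api_check_first(uri):
    # First reply: discard on no data group match, then test /resources/
    if not api_match(uri):
        return DISCARD
    elif path_of(uri).startswith("/resources/"):
        return DEV
    return API

def rule_nested(uri):
    # Second reply: /resources/ is only tested when the data group does not match
    if not api_match(uri):
        return DEV if path_of(uri).startswith("/resources/") else DISCARD
    return API

def rule_resources_first(uri):
    # Third iRule: /resources/ is tested before the data group
    if path_of(uri).startswith("/resources/"):
        return DEV
    elif not api_match(uri):
        return DISCARD
    return API

RULES = (rule_api_check_first, rule_nested, rule_resources_first)

# Constructed sample requests
SAMPLES = ("/resources/logo.png", "/resources/logo.png?next=/api/login",
           "/api/users", "/index.html")

def decision_table(samples=SAMPLES):
    # One row per request: the outcome under each of the three orderings
    return {uri: tuple(rule(uri) for rule in RULES) for uri in samples}

def disagreements(samples=SAMPLES):
    # Requests that the three orderings do not all route the same way
    return [u for u, row in decision_table(samples).items() if len(set(row)) > 1]

if __name__ == "__main__":
    for uri, row in decision_table().items():
        print(f"{uri:38} {row}")
```

The second sample differs because HTTP::uri carries the query string while HTTP::path does not, so a /resources/ request can still match the data group.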