For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

AceDawg1's avatar
AceDawg1
Icon for Nimbostratus rankNimbostratus
Aug 30, 2019

iRule Diverting Traffic to Wrong Pool

Good day all,   Was given an iRule to debug and was hoping the DevCentral community might have some pointers. In a nutshell, the iRule is supposed to send traffic to a specific pool if certain cr...
application delivery
BIG-IP
iRules
AceDawg1's avatar
AceDawg1
Icon for Nimbostratus rankNimbostratus
Aug 30, 2019
ltm rule /Common/traffic_mod {
 
when HTTP_REQUEST {
 
#Set URI
set path [string tolower [HTTP::path]]
 
    #If IP and header present then this is return flow which needs to go to Origin
    if {([IP::addr [IP::client_addr] equals w.x.y.z] ||
        [IP::addr [IP::client_addr] equals a.b.c.d] ||
        [IP::addr [IP::client_addr] equals e.f.g.h]) && [HTTP::header exists "SOME-HEADER"]} {
        return
    } else {
        # Add the client-ip into the X-Forwarded-For if it doesn't come from addresses listed
        HTTP::header insert "X-Forwarded-For" [IP::client_addr]
    }
 
    if {$path contains "/somefile.js"} {
        # Test if the pool has active members before sending traffic
        if {[active_members SomePool_443_pl] > 0} {
            pool SomePool_443_pl
            return
            #if the pool is not available, then no need to forward this traffic, just send back an empty 200 OK
        } else {
            HTTP::respond 200
        }
    }
 
    if {[HTTP::method] equals "POST" and ($path contains "/api/customer/login" || $path contains "/api/customer/register")} {
        # Test if the pool has active members before sending traffic
        if {[active_members SomePool_443_pl] > 0} {
            pool SomePool_443_pl
            return
        #if the pool is not available, send traffic to the default pool
        }
    } 
}
}