Forum Discussion
mnidl_309957
Nimbostratus
NimbostratusiRule for checking validity of requests and responses
Hello,
I have some topic regarding iRule creation. We're introducing MyShare service into our environment which is represented by two nodes and 443 VIP on LTM. Since this product is based on Citrix technology, Citrix recommends to use Netscaler for application delivery. We don't wan't to go with Netscaler but only with LTM. Configuration is clear and pretty easy for configuration in LTM. But unfortunately there's one Netscaler policy which needs to be deployed in LTM using iRule. Citrix call it responder policy and HTTP callout. It looks as follows:
add policy httpCallout sf_callout -IPAddress 10.10.10.10 -returnType BOOL -hostExpr 10.10.10.10 -urlStemExpr "\"/validate.ashx?RequestURI=\" + HTTP.REQ.URL.BEFORE_STR(\"&h\").HTTP_URL_SAFE.B64ENCODE + \"&h=\" + HTTP.REQ.URL.QUERY.VALUE(\"h\")" -scheme http -resultExpr "HTTP.RES.STATUS.EQ(200).NOT" add responder policy resp_pol_myshare "http.REQ.URL.CONTAINS(\"&h=\") && http.req.url.contains(\"/crossdomain.xml\").not && http.req.url.contains(\"/validate.ashx?requri\").not && SYS.HTTP_CALLOUT(sf_callout)" DROP
There's one Whitepaper available at Citrix support webpage:
Responder policy checks client requests and drops invalid requests based on the policy. HTTP callout sends request to the VIP and validates respond before passing client further.
Is there any way how to translate this function from Citrix Netscaler to F5 iRule?
Many thanks for any reply
It seems you are looking for the sideband function.
See: https://devcentral.f5.com/wiki/iRules.SIDEBAND.ashx
You can also use iRulesLX. See this code snippet:
https://devcentral.f5.com/codeshare/irules-lx-sideband-connection-1162
And there is even some documentation from Citrix:
