Forum Discussion

Derek_Rice_2913's avatar
Derek_Rice_2913
Icon for Nimbostratus rankNimbostratus
Apr 20, 2017

iRule help. Redirect works, but intermittenetly.

(Disclaimer: I am very new to iRules)

 

BIG-IP 12.1.0 Build 1.0.1447 Hotfix HF1 BIG-IP 4000 series

 

when HTTP_REQUEST { if { [HTTP::host] equals "test.mail.company.com" } { HTTP::redirect "https://test.mail.company.com/send_auth.cgi[HTTP::uri [string trimright [HTTP::uri] "/"]]" } }

 

I received a request to setup a redirect so that it will preserve the end of the original URI but redirect to https and append send_auth.cgi before the preserved data. In other words:

 

http://www.foo.com/bar --> https://www.foo.com/send_auth.cgi/bar

 

I accomplished this with a VS and an iRule. It works 100% for me, but only sometimes for the person requesting it. The intermittent success I believe is browser based. I tried this on a Windows 10 box and OS X(Sierra). On Windows 10 it has worked with the following browsers(Chrome, Firefox, Opera, and IE/Edge). It works on Chrome, Firefox, and Safari on OS X. I had several of my co-workers try with 100% success.

 

The end user tested previously and it worked. Now he is saying it doesn't work anymore. Nothing has changed on my end. He had several of his co-workers try. They have 100% success with Firefox, but intermittent results with IE/Edge and Chrome. He is willing to give it up because it's not a huge priority, but I told him I would ask here to see if my iRule is off.

 

Packet capture on my end with both the mac and Windows box show the 302 correctly and everything seems kosher.

 

Am I crazy? Is it maybe browser extensions? Is it the iRule?

 

application delivery
iRules
LTM
  • Jad_Tabbara__J1's avatar
    Jad_Tabbara__J1
    Icon for Cirrostratus rankCirrostratus
    Apr 20, 2017

    Are you sure he is using alway the same "FQDN" test.mail.company.com and not comming with the IP address or changing his host file...

    Because I can not understand how browser can be implied in this kind of operation...

    I suggest you to add the following line in your irule in order to view his requests

    log local0. "Client IP: [IP::remote_addr] Host: [HTTP::host] User-agent: [HTTP::header "User-Agent"] Request [HTTP::uri]"

    Regards

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Apr 20, 2017

    Derek, I'm not an expert iruler but a couple of comments.

     

    Do you need the string trimright cmd as your example is grabbing all of the URI so you could just append [HTTP::Uri] at the end.

     

    Secondly, do you have oneconnect enabled on the VIP? Http manipulation often benefits with this profile as it changed the behaviour of the VIP from per-TCP to per-HTTP request.

     

    N

     

  • Hectorm's avatar
    Hectorm
    Icon for Nimbostratus rankNimbostratus
    Apr 20, 2017

    Also this is case sensitive so I will change everything to lower case before I check the condition. This may explain why it works some of the time when HTTP_REQUEST {

    set Vuri [ string tolower [HTTP::uri]]

    set Vheader [ string tolower [HTTP::host]]

    if { $Vheader equals "test.mail.company.com"} {
    HTTP::redirect "https://test.mail.company.com/send_auth.cgi[HTTP::uri [string trimright [HTTP::uri] "/"]]" 
  }

    }