Forum Discussion

Gareth_Ferris_3's avatar
Gareth_Ferris_3
Icon for Nimbostratus rankNimbostratus
Dec 21, 2017

iRule issue - iRule not forwarding to pool

Hi Guys -

Attempting to use an Irule i've put together which is showing some puzzling results. Essentially its an EWS traffic rule at its core which works perfectly - it does a string lookup on each of the URI's and allows access to our Exchange servers as required.

The issue arrives when adding the Auto discover [HTTP::Host] check. I can see from outputting the data that its picking the website up - the problem is it then follows the rest of the rule as opposed to sending directly to the pool as is specified. Rule is below:

when HTTP_REQUEST { 
    Check to see Autodiscover
            if {[HTTP::host] eq "dc1mail.simmons-simmons.com"} {
            log local0. "You may pass...but only this once. Please do ensure you remove your shoes          first. URL [HTTP::host]" 
            persist source_addr
            COMPRESS::disable
            CACHE::disable
            pool Exchange_2010_EWS_ews_pool7
    }

set low_uri [string tolower [HTTP::uri]]
   if { ($low_uri starts_with "/ews" ) or
        ($low_uri starts_with "/autodiscover") or
        ($low_uri starts_with"/oab")
} then {
            set uri [URI::decode $low_uri]
            while { $uri ne $low_uri } {
                        set low_uri $uri
                        set uri [URI::decode $low_uri]
            }

            Check if the decoded URI has two consecutive dots
            if {[string match {*..*} $uri]}{
                       log local0. "Uh oh - Two dots detected" 
                        reject
        }

log local0. "EWS traffic has been forwarded like a boss URL:[HTTP::uri]"
persist source_addr
COMPRESS::disable
CACHE::disable
pool Exchange_2010_EWS_ews_pool7

   } else {
    log local0. "You shall not pass URI:[HTTP::uri] Host:[HTTP::host]"
     reject
   } 
 }
`


I have also included the logs below:


`    Dec 21 14:57:46 DC1LBR001 info tmm[18885]: Rule /Common/EWS_Redirect : You may pass...but only this once. Please do ensure you remove your shoes first. URL dc1mail.simmons-simmons.com
Dec 21 14:57:46 DC1LBR001 info tmm[18885]: Rule /Common/EWS_Redirect : You shall not pass URI:/Microsoft-Server-ActiveSync Host:dc1mail.simmons-simmons.com
Dec 21 14:57:46 DC1LBR001 info tmm1[18885]: Rule /Common/EWS_Redirect : You may pass...but only this once. Please do ensure you remove your shoes first. URL dc1mail.simmons-simmons.com
Dec 21 14:57:46 DC1LBR001 info tmm1[18885]: Rule /Common/EWS_Redirect : You shall not pass URI:/Microsoft-Server-ActiveSync Host:dc1mail.simmons-simmons.com

Any ideas would be greatly appreciated - oh and apologies for the slightly less than professional output messages. Explaining F5 to colleagues can be a tricky task - humor seems to make my dulcet tones bearable!

Thanks in advance,

Gareth

application delivery
iRules
  • Niels_van_Sluis's avatar
    Niels_van_Sluis
    Icon for MVP rankMVP
    Dec 21, 2017

    What about a ‘return’ after the autodiscover pool assignment? That should stop further processing of the event...