Forum Discussion
Nimbostratusirule performance: combine multiple irules
Hi,
We have an several irules that we are trying simplify and combine for better performance.
first to block certain URI's
when HTTP_REQUEST {
switch [HTTP::uri] {
"/proxy/" -
"/content/xmlmovies/undefined" -
"/duas/" {
HTTP::respond 404 content "404 - file not found."}
}
To log request with certain content size
if { [HTTP::header Content-Length] >= 9000 } {
log local0. "[HTTP::header Content-Length] byte [HTTP::method] request from [IP::client_addr] for [HTTP::host][HTTP::uri]"
}
Redirect to certain URI's to HTTPs
switch -glob [string tolower [HTTP::path]] {
"/login*" {
if {[TCP::local_port] == 80} {
HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
}
}
"/app/login_user*" {
if {[TCP::local_port] == 80} {
HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
}
}
"/app/new*" {
if {[TCP::local_port] == 80} {
HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
}
}
"/app/associate_new*" {
if {[TCP::local_port] == 80} {
HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
}
}
"/account*" {
if {[TCP::local_port] == 80} {
HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri]
}
}
}
}
14 Replies
What_Lies_Bene1Cirrostratus
Sorry but is this just for information or do you have a question?- JP_42120Hi Steve, sorry, it's a question.
We originally had 4 different irules and I am trying to consolidate and tune them for better performance.
under each section, we used to have 1 or 2 seperate irules assigned to the VIP.
Does the above combined irule look correct and do you see anywhere I can improve it even more?
thx
-jp - What_Lies_Bene1Cool. You can squeeze that last bit down to this and save some cycles as it'll only be invoked if it's port 80;
if { [TCP::local_port] == 80 } { switch -glob [string tolower [HTTP::path]] { "/login*" - "/app/login_user*" - "/app/new*" - "/app/associate_new*" - "/account*" { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] } } } - What_Lies_Bene1And now I've reordered it a bit so if you redirect or respond with a 404 the iRule quits early. Regardless, I've a feeling nitass will come along and make it even better;
when HTTP_REQUEST { if { switch [string tolower [HTTP::uri]] } { "/proxy/" - "/content/xmlmovies/undefined" - "/duas/" { HTTP::respond 404 content "404 - file not found." return } } Redirect to certain URI's to HTTPs if { [TCP::local_port] == 80 } { switch -glob [string tolower [HTTP::path]] { "/login*" - "/app/login_user*" - "/app/new*" - "/app/associate_new*" - "/account*" { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] return } } } To log request with certain content size if { [HTTP::header Content-Length] >= 9000 } { log local0. "[HTTP::header Content-Length] byte [HTTP::method] request from [IP::client_addr] for [HTTP::host][HTTP::uri]" } } - JP_42120Steve-
One question, if the redirect happens first, will the logging still take place?
thx
-jp - What_Lies_Bene1No it won't. Remove the 'return' command if you still want to log that (or move the logging back to the top) but I don't see the point if you are redirecting, you'll pick it up on the GET to the HTTPS Virtual Server.
- nitass
Employee
Steve's code looks okay to me.when HTTP_REQUEST { set path [string tolower [HTTP::path]] switch $path { "/proxy/" - "/content/xmlmovies/undefined" - "/duas/" { HTTP::respond 404 content "404 - file not found." return } } Redirect to certain URI's to HTTPs if { [TCP::local_port] == 80 } { switch -glob $path { "/login*" - "/app/login_user*" - "/app/new*" - "/app/associate_new*" - "/account*" { HTTP::redirect https://[getfield [HTTP::host] ":" 1][HTTP::uri] return } } } To log request with certain content size if { [HTTP::header Content-Length] >= 9000 } { log local0. "[HTTP::header Content-Length] byte [HTTP::method] request from [IP::client_addr] for [HTTP::host][HTTP::uri]" } } - JP_42120Thanks Steve and Nitass!
- What_Lies_Bene1
You're welcome JP and thanks nitass.
- JP_42120Hi Gents,
when HTTP_REQUEST {
set path [string tolower [HTTP::path]]
switch $path {
"/proxy/" -
"/content/xmlmovies/undefined" -
"/duas/" {
HTTP::respond 404 content "404 - file not found."
return
The portion to block the URI's is not working as expected.
do I need to add "startswith" or "*" to block anything after /duas/
we are seeing /duas/something still getting through....
thanks.
