For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

jrich523_118173's avatar
jrich523_118173
Icon for Nimbostratus rankNimbostratus
Mar 31, 2014

irule pool redirect based on port and host header

I would like to setup a single virtual server with the sevice port set to 0 (all) and i'd like to make sure it only services certain ports, for now 80/443, but i could potentially build it out more. ...
application delivery
devops
iRules
LTM
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Mar 31, 2014

1) Does the 'when HTTP_REQUEST' filter based on port or traffic type

The HTTP events and commands are enabled when you apply an HTTP profile to the virtual server. It doesn't really matter what the actual port is, as long as the HTTP "filter" can detect HTTP-specific protocol data in the TCP payload.

2) Should/can i nest events - CLIENT_ACCEPTED/HTTP_REQUEST?

These events generally operate at different layers of the stack, so it's absolutely useful to use them both in a single iRule. How you use them depends on what you're trying to do though.

3) How would i add an if port is 123 go to pool_test_123, based on question 1, if this it HTTP traffic does the HTTP_REQUEST apply?

The important thing to understand here is the notion of connection-based context. In other words, context is based on a TCP connection/session. A CLIENT_ACCEPTED event happens first and can see all of the data at layer 4 (TCP payload, IP addresses, etc.). An HTTP_REQUEST event is triggered at layer 7 and can see all of the HTTP-specific protocol data - plus all of the data collected in earlier layers. So the following would be useful:

when HTTP_REQUEST {    
    if { [TCP::local_port] equals "123" } {        
        pool test_123_pool
    } else {        
        pool normal_pool
    }
}