Forum Discussion
CirrusiRule redirects no longer working since upgrade to 11.6 eng hot fix3
I was just about to move a virtual server to production i built a while ago and i notice none of my irule redirects are working properly. Before the upgrade to 11.6 ENG HF3, I had the following three separate irules on my virtual server and worked perfectly:
irule 1:
when HTTP_REQUEST { if { (([HTTP::host] equals "amp.company.com") or ([HTTP::host] equals "amp")) } { HTTP::redirect "https://services.company.com/AccessManagementExt/" }
irule 2:
when HTTP_REQUEST { if { (([HTTP::host] equals "amp.company.com") or ([HTTP::host] equals "amp")) } { HTTP::redirect "https://services.company.com/AccessManagementExt/" }
irule 3:
when HTTP_REQUEST { Check if path is not in whitelist datagroup if {![matchclass [string tolower [HTTP::path]] starts_with webservices_allowed_paths]} { HTTP::redirect https://www.company.com } }
the last rule referenced a dataset group called webservices_allowed_paths. The first 2 rules don't redirect at all anymore and the third rule ignores the URL and now just redirects to https://www.company.com. Was there a syntax change i should be made aware of? Not sure how to fix this.....
Here is what data looked like in the dataset group:
/PasswordManagement/ := /PasswordManagement/
/AccessManagementEXT/ := /AccessManagementEXT/
10 Replies
DEJNimbostratus
Hello,
For iRule 3, it is possible your matchclass command may be causing issues. It was deprecated in 10.x. The new command would be 'class match'. I'm unsure about the rest with my first glance.
https://devcentral.f5.com/wiki/iRules.class.ashx
when HTTP_REQUEST { Check if path is not in whitelist datagroup if {![class match [string tolower [HTTP::path]] starts_with webservices_allowed_paths]} { HTTP::redirect https://www.company.com } }
Rosieodonell_16Made the changes as you suggested and it it still just redirecting. It's like its not reading what is in the dataset group anymore. I tried entering the link https://services.company.com/AccessManagementExt/, this should see that /AccessManagementExt/ is allowed and should resolve fine. Rather it is going to https://www.company.com.- DEJI'm curious if the string isn't matching in the data group since you're doing the match with string to lower but the data group string has capitalized letters.
What_Lies_Bene1Cirrostratus
I would think you are correct Dareuja.
- DEJ_159363
Hello,
For iRule 3, it is possible your matchclass command may be causing issues. It was deprecated in 10.x. The new command would be 'class match'. I'm unsure about the rest with my first glance.
https://devcentral.f5.com/wiki/iRules.class.ashx
when HTTP_REQUEST { Check if path is not in whitelist datagroup if {![class match [string tolower [HTTP::path]] starts_with webservices_allowed_paths]} { HTTP::redirect https://www.company.com } }- Rosieodonell_16Made the changes as you suggested and it it still just redirecting. It's like its not reading what is in the dataset group anymore. I tried entering the link https://services.company.com/AccessManagementExt/, this should see that /AccessManagementExt/ is allowed and should resolve fine. Rather it is going to https://www.company.com.
- DEJ_159363I'm curious if the string isn't matching in the data group since you're doing the match with string to lower but the data group string has capitalized letters.
- What_Lies_Bene1I would think you are correct Dareuja.
- DEJIs the missing end bracket on irule 1 & 2 a typo?
- Rosieodonell_16yes
