iRule return not working

Question

I have the following iRule&nbsp;
&nbsp;when HTTP_REQUEST_SEND {
&nbsp;  if ( &lt;&gt; } {
&nbsp;     return
&nbsp;  }
&nbsp;}&nbsp;
&nbsp;I want to present the request from getting to the backend server. But the return is not working. The request goes to the backend server. &nbsp;
&nbsp;Is thereway to prevent it&nbsp;
&nbsp;Thanks,
&nbsp;Karthik

rapmaster_c_127 · Answer

Well, rules are generally non-terminating with respect to the context of the connection, unless you explicitly stop the state-engine or divert it to another state - neither of which you have done here in your rule. Returning above just terminates the rule in this event handler and continues to the next state.&nbsp;
&nbsp;What would you have the rule do? Do you want to respond to the client? If so, use HTTP::respond. Would you like to close the connection? If so, use HTTP::close. Basically, tell the BIG-IP what you would like to do. Simply returning from the rule will make it continue on, as if you had any other non-terminating statement in there (e.g. log).

karthik_sriniva · Answer

Thanks for your quick response.&nbsp;
&nbsp;I have custom authentication implementation with LDAP. When Authentication fails, I am setting one of the rule variable to a particular value in AUTH_FAILURE, so in the HTTP_RESPONSE event I can redirect the user to particular page.
&nbsp;This works, but the request goes to the backend server and the backend server is expecting the authentication credentials which is not set so an exception thrown. My understanding is, HTTP_REQUEST_SEND is the event which contacts the backend server for data. So I was wondering if I check the variable value in HTTP_REQUEST_SEND and if it's equal to the value set in AUTH_FAILURE event, I am trying to return out of this event, so BigIp will exit out of the HTTP_REQUEST_SEND with out contacting the backend server. But for some reason it does not exit with out connecting to the backend server.&nbsp;
&nbsp;Is there a way to make it return out of HTTP_REQUEST_SEND with out making the backend connection?&nbsp;

unruley_95363 · Answer

You need to actually generate a response to the client though.  This is what HTTP::respond would do.  The "return" command simply finishes the rule processing, it doesn't actually do anything else.  That is why rapmaster_c was recommending you to use something like: reject or HTTP::respond or HTTP::redirect.  Those are actions that will cause the connection to the client to be completed and closed or reset.

Forum Discussion

iRule return not working

Recent Discussions

Diameter iRules attachment?

Health Monitor unable to connect to OpenShift Router

Big IP DNS Failover

AS3 Limitations

Help needed with iRule (connection closed log )

Related Content

The return of DevCentral CodeShare.

iRules not working

Hey DeepSeek, can you write iRules?

Return default favicon.ico

iRules Style Guide

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS