Forum Discussion
iRule switch pool based on URI
Hello
A request was made to re-write/redirect traffic to a different pool based on URI. That is fairly simple with HTTP_REQUEST, and switch. However, this site is using SSO, so if I try something similar it just dumps you back out after authentication.
For example:
when HTTP_REQUEST {
###
# Static variables
###
set default_pool "sample-site.com-HTTPS"
set non_default_pool "sample-site.com-NON-DEFAULT"
set hostlist [list sample-site.com]
if { [lsearch $hostlist [string tolower [HTTP::host]]] ne -1 } {
switch -glob [string tolower [HTTP::uri]] {
"/non-default-page/" {
pool $non_default_pool
}
"/non-default-page/*" {
pool $non_default_pool
}
default {
pool $default_pool
}
}
}
}
That kinda of thing works fine with a normal site. I also looked into doing that with a local traffic policy, but I got the same result. The intent is to keep left side of the URL the same, but I am not exactly sure if that is possible.
BootsHasDrugs Would you be able to provide a bit more detail on exatly what you are attempting to do? The reason I ask is because the iRule seems sound with the exception of where you are defining the default pool and what mechanism you are using to define the default pool. I would configure the default pool as the pool associated to the virtual server and then define the pool using a slightly different command. Also, if you might consider creating a /32 OneConnect profile and assigning it to the virtual server so that it then performs a HOST and URI check per HTTP request rather than just on the initial HTTP request. I have also added some changes that use the following style guide.
https://community.f5.com/t5/technical-articles/irules-style-guide/ta-p/305921
The following should be how the iRule should look based on my comments.
when CLIENT_ACCEPTED priority 500 { set DEFAULT_POOL [LB::server pool] } when HTTP_REQUEST priority 500 { # Static variables set non_default_pool "sample-site.com-NON-DEFAULT" set hostlist [list sample-site.com] if { [lsearch $hostlist [string tolower [HTTP::host]]] ne -1 } { switch -glob [string tolower [HTTP::uri]] { "/non-default-page/" - "/non-default-page/*" { pool ${non_default_pool} } default { pool ${DEFAULT_POOL} } } } }
- 423295Altostratus
Hello,
It sounds like you are trying to redirect traffic to a different pool based on URI while also maintaining SSO authentication. However, you are encountering issues with the SSO process when attempting to redirect the traffic.
One approach you could consider is using an iRule to achieve this. With an iRule, you can inspect and manipulate traffic at a more granular level than with a local traffic policy. Here is an example iRule that may help you achieve your goal:
rubywhen HTTP_REQUEST { ### # Static variables ### set default_pool "sample-site.com-HTTPS" set non_default_pool "sample-site.com-NON-DEFAULT" # Check if the host matches if { [HTTP::host] ends_with "sample-site.com" } { # Check if the URI matches if { [HTTP::uri] starts_with "/non-default-page" } { # Redirect to non-default pool pool $non_default_pool return } else { # Redirect to default pool pool $default_pool return } } }This iRule checks if the incoming request's host matches "sample-site.com". If it does, it checks if the URI starts with "/non-default-page". If it does, it redirects the request to the non-default pool. If it doesn't, it redirects the request to the default pool. Note that this iRule assumes that the SSO authentication is already complete, and does not interfere with that process.
It's also worth noting that if you want to keep the left side of the URL the same, you can modify the "pool" command to include the path portion of the URL, like this:
bashpool "${default_pool}[HTTP::path]"This will redirect the request to the default pool while preserving the left side of the URL. hope so it will help you
- BootsHasDrugsAltostratus
Thank you all for the ideas. I will tinker some more and report back.
As far as details, currenlty everything is in a non-load balanced state with Okta SPs on single nodes in single pools. I did poke around with APM on our lab LTM, but that may be too-little too-late.
- BootsHasDrugsAltostratus
So far, no luck, but thanks for the help! This app is going to have to go in under a dedicated URL,
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com