Forum Discussion
qqdixf5_74186
Nimbostratus
NimbostratusiRule to access database
Is it possible to create an iRule that do something like getting a http header value and checking it against a database? We used to do this using Reactivity. Now we are trying to see if BigIP can do the same thing. I did a bit research and didn't find much.
Thank you for advice!
18 Replies
- Well, there are a couple of ways besides standard authentication DB calls that you can condition an iRule on external data, and the link I mentioned above details one of them: A nifty trick using "HTTP::retry" to initiate an out-of-band request which should help solve this problem as requested.
/deb 
Lars_Terje_VaalHi qqdixf5
I have created a working solution for calling another website, doing a vaildation and resending the original request. This solution sends the source IP and the path to a validation site, which checks that this IP are allowed to access this path. (this is just an example, but I have some similar working code which I don't want to post in an open forum ;-), so there may be some missing variables or something).
when CLIENT_ACCEPTED {
set client_approved 0
}
when HTTP_REQUEST {
set orginal_request [HTTP::request]
if {!$client_approved} {
If client not approved yet, check the clients IP against the checkIP.aspx site at the backend servers
set checkuri "/checkIP.aspx?ip=$SourceIP&path=[HTTP::path]"
HTTP::uri $checkuri
}
}
when HTTP_RESPONSE {
if {!$client_approved} {
if { [HTTP::header exists "Content-Length"] } {
set content_length [HTTP::header "Content-Length"]
} else {
set content_length 1000000
}
if { $content_length > 0 } {
HTTP::collect $content_length
}
}
}
Reads the response, and validates if response contanis Accespted
when HTTP_RESPONSE_DATA {
if {!$client_approved} {
set payload [HTTP::payload]
Check wether response contains Accepted. In that case set client approved to true.
if {$payload contains "Accepted"} {
set client_approved 1
if response contains Accepted, the original_request is sent
HTTP::retry $orginal_request
}
}
}
qqdixf5_74186Thank you for the article and example! I will try to implement my own tomorrow. I will let you know how it goes.- qqdixf5_74186Can anyone tell me what is wrong with the following code snippet? iRule Editor complains that [HTTP::retry] is undefined procedure. I am not sure what's wrong. Thanks for help!
if {$payload contains "Accepted"} {
HTTP::retry $original_request
}
or
if {$payload contains "Accepted"} {
[HTTP::retry] $original_request
} - Hmmmm....
The first is valid syntax, but the 2nd should generate a "wrong of args" error.
Since you're getting an "undefined procedure" error instead, it looks like it must not be implemented in your version. (HTTP::retry wasn't introduced until LTM 9.2 - Click here)
/deb - qqdixf5_74186Hi deb,
Is http::retry the only way to make external call from iRule? In your article, you mentioned that there are a few ways that can make iRule using external information. I am interested in knowing any other option that might work since our network group is not planning to upgrade to 9.2 very soon. Thanks a lot! - The only others are specific types of lookups: standard authentication transactions using the AUTH:: commands, or DNS lookups using the NAME:: commands.
To make a call to a web-fronted database, HTTP::retry is currently your only choice.
/deb - qqdixf5_74186Thanks, Deb! Go back to my earlier questions. Is it possible to enable those tcl commands?
