iRule to access database

Well, there are a couple of ways besides standard authentication DB calls that you can condition an iRule on external data, and the link I mentioned above details one of them: A nifty trick using "HTTP::retry" to initiate an out-of-band request which should help solve this problem as requested.

 

 

/deb

Hi qqdixf5

 

 

I have created a working solution for calling another website, doing a vaildation and resending the original request. This solution sends the source IP and the path to a validation site, which checks that this IP are allowed to access this path. (this is just an example, but I have some similar working code which I don't want to post in an open forum ;-), so there may be some missing variables or something).

 

 

 

 

 

when CLIENT_ACCEPTED {

 

set client_approved 0

 

}

 

 

when HTTP_REQUEST {

 

set orginal_request [HTTP::request]

 

if {!$client_approved} {

 

If client not approved yet, check the clients IP against the checkIP.aspx site at the backend servers

 

set checkuri "/checkIP.aspx?ip=$SourceIP&path=[HTTP::path]"

 

HTTP::uri $checkuri

 

}

 

}

 

 

when HTTP_RESPONSE {

 

if {!$client_approved} {

 

 

if { [HTTP::header exists "Content-Length"] } {

 

set content_length [HTTP::header "Content-Length"]

 

} else {

 

set content_length 1000000

 

}

 

if { $content_length > 0 } {

 

HTTP::collect $content_length

 

}

 

}

 

}

 

 

Reads the response, and validates if response contanis Accespted

 

when HTTP_RESPONSE_DATA {

 

if {!$client_approved} {

 

set payload [HTTP::payload]

 

Check wether response contains Accepted. In that case set client approved to true.

 

if {$payload contains "Accepted"} {

 

set client_approved 1

 

if response contains Accepted, the original_request is sent

 

HTTP::retry $orginal_request

 

}

 

}

 

 

}

Thank you for the article and example! I will try to implement my own tomorrow. I will let you know how it goes.

Can anyone tell me what is wrong with the following code snippet? iRule Editor complains that [HTTP::retry] is undefined procedure. I am not sure what's wrong. Thanks for help!

 

 

if {$payload contains "Accepted"} {

 

HTTP::retry $original_request

 

}

 

or

 

if {$payload contains "Accepted"} {

 

[HTTP::retry] $original_request

 

}

Hmmmm....

 

 

The first is valid syntax, but the 2nd should generate a "wrong of args" error.

 

Since you're getting an "undefined procedure" error instead, it looks like it must not be implemented in your version. (HTTP::retry wasn't introduced until LTM 9.2 - Click here)

 

 

/deb

 

 

 

Hi deb,

 

 

Is http::retry the only way to make external call from iRule? In your article, you mentioned that there are a few ways that can make iRule using external information. I am interested in knowing any other option that might work since our network group is not planning to upgrade to 9.2 very soon. Thanks a lot!

The only others are specific types of lookups: standard authentication transactions using the AUTH:: commands, or DNS lookups using the NAME:: commands.

 

 

To make a call to a web-fronted database, HTTP::retry is currently your only choice.

 

 

/deb

Thanks, Deb! Go back to my earlier questions. Is it possible to enable those tcl commands?