For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Rabbit23_116296's avatar
Rabbit23_116296
Icon for Nimbostratus rankNimbostratus
Apr 15, 2014

iRule to exit APM and redirect to another pool member

What I am doing is I would like to have a single front-end IP address that redirects to pools based on [HTTP::host]. The virtual server is APM enabled and I would like to send directly to the pool bypassing the APM. The pool members are listening on port 80 and HTTPS. For some reason this isn't working and I just get a connection reset with server when trying in a browser. The URI and LTM logging works so it's definitely grabbing the right querystring.

when HTTP_REQUEST {

        switch -glob [string tolower [HTTP::host]] {
        "sso.company.com" {
        ACCESS::disable 
        SSL::disable serverside
            if { [HTTP::uri] contains "service="} {
                log local0.notice "URI matches and is: [HTTP::uri]"
                pool  sso-company-com-http
            }

       }
    }

11 Replies

Show More
  • Cory_50405's avatar
    Cory_50405
    Icon for Noctilucent rankNoctilucent
    Apr 16, 2014

    What's odd though is that the SYN packets are actually leaving the BIG-IP, according to your capture. I would think a handshake between your client and server would complete even if the access profile was causing a problem.

     

    Is there any possibility of something along the communications path between the BIG-IP and your pool members that could be disallowing the communications?