Forum Discussion

Sriram_129909
Nov 04, 2013

iRule to log all HTTP_REQUEST and insert a cookie

Hello, I wrote an iRule that uses HSL for sending syslog-level data to remote servers. The iRule sends all HTTP_REQUESTs to an HSL pool. There are three pools defined, each for a specific purpose. I find that the iRule causes an issue of running on one CPU, probably because of the way the variables are defined and accessed. I have attached the iRule for your reference. Can somebody tell me if I am doing anything inefficient? Much appreciated.

when RULE_INIT {
    array set ::active_clients { }
}

when CLIENT_ACCEPTED {
    set hsl [HSL::open -proto UDP -pool syslog_server_pool]
    set hsl1 [HSL::open -proto UDP -pool syslog_server_pool_1]
    set hsl2 [HSL::open -proto UDP -pool syslog_server_pool_2]
    # Send the data using local7 facility <190>
    HSL::send $hsl "<190> [IP::client_addr] \[[clock format [clock seconds] -format "%d/%b/%Y:%H:%M:%S %z"]\] --[IP::local_addr]--NY--80--CLIENT_ACCEPTED"
}

when HTTP_REQUEST {
    # Per-client request counter kept in a global array
    if { [info exists ::active_clients([IP::client_addr])] } {
        incr ::active_clients([IP::client_addr])
    } else {
        set ::active_clients([IP::client_addr]) 1
    }

    if { not ([HTTP::cookie exists SITESERVER] ) } {
        set F2C "[string range [AES::key 128] 15 end][string range [AES::key 128] 15 end]"
        HTTP::cookie insert name "F2C" value $F2C
    }

    HSL::send $hsl1 "<190> [IP::client_addr] \[[clock format [clock seconds] -format "%d/%b/%Y:%H:%M:%S %z"]\] --[IP::local_addr]--NY--80--[URI::path [HTTP::uri]][URI::basename [HTTP::uri]]--UA=[HTTP::header User-Agent]--CT=[HTTP::header "Content-type"]"
    HSL::send $hsl2 "<190> [IP::client_addr] \[[clock format [clock seconds] -format "%d/%b/%Y:%H:%M:%S %z"]\] --[IP::local_addr]--NY--80--P2--[URI::path [HTTP::uri]][URI::basename [HTTP::uri]]--QS=[HTTP::query]--C=[HTTP::header cookie]--UA=[HTTP::header User-Agent]--CT=[HTTP::header "Content-type"]"
}

when HTTP_REQUEST_DATA {
    set refid "unknown"
    foreach x [split [string tolower [HTTP::payload]] "&"] {
        if { $x starts_with "refid=" } {
            set refid [lindex [split $x "="] 1]
        }
    }
    HSL::send $hsl2 "<190> [IP::client_addr] \[[clock format [clock seconds] -format "%d/%b/%Y:%H:%M:%S %z"]\] --[IP::local_addr]--NY--80--P2--refid=$refid--F2C=$F2C"
}

when HTTP_RESPONSE {
    if { [info exists F2C] and $F2C ne ""} {
        HTTP::cookie insert name "F2C" value $F2C
        unset -nocomplain F2C
    }
}

when CLIENT_CLOSED {
    if { [info exists ::active_clients([IP::client_addr])] } {
        HSL::send $hsl "<190> [IP::client_addr] \[[clock format [clock seconds] -format "%d/%b/%Y:%H:%M:%S %z"]\] --[IP::local_addr]--NY--80--CLIENT_CLOSED--$::active_clients([IP::client_addr])"
        unset ::active_clients([IP::client_addr])
    }
}

  • A few considerations:

    1. The ::global variable format has been deprecated. It may work, but it will demote a CMP platform to a single CPU. Use the "static::" global variable namespace instead.

    2. Modifying a global variable after RULE_INIT, even the static:: global variable format, will demote a system to a single CPU.

    3. I would recommend using a session table structure instead of a global array.

       https://devcentral.f5.com/wiki/iRules.table.ashx
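
The session-table approach recommended in the reply above, as an added example (not code from the thread or from F5): the per-client request counter moves from the `::active_clients` global array into a `table` subtable. The subtable name, the timeout value and the shortened log line are assumptions; the pool name is the one from the question.

```tcl
when RULE_INIT {
    # static:: values are assigned once here and only read afterwards.
    # "active_clients" as a subtable name and 300 seconds are assumed values.
    set static::clients_subtable "active_clients"
    set static::client_idle_timeout 300
}

when CLIENT_ACCEPTED {
    # Connection-local variables (no :: prefix) live with this connection only.
    set hsl [HSL::open -proto UDP -pool syslog_server_pool]
    set client [IP::client_addr]
}

when HTTP_REQUEST {
    # table incr creates the entry when it is missing, so the
    # "info exists / incr / set" branch of the original is not needed.
    table incr -subtable $static::clients_subtable $client
    # Expire the counter if the client goes idle and CLIENT_CLOSED cleanup is missed.
    table timeout -subtable $static::clients_subtable $client $static::client_idle_timeout
}

when CLIENT_CLOSED {
    # -notouch reads the value without resetting its idle timer.
    set count [table lookup -notouch -subtable $static::clients_subtable $client]
    if { $count ne "" } {
        HSL::send $hsl "<190> $client --[IP::local_addr]--NY--80--CLIENT_CLOSED--$count"
        table delete -subtable $static::clients_subtable $client
    }
}
```

As in the original rule, the counter is keyed by client IP, so several concurrent connections from one address share a single entry.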

       

  • Thanks Kevin. Now I rolled back the change and probably will go the session table way. Just curious, with global variables and the problems associated with them, is there a necessity for a system-wide refresh on the F5, like rebooting maybe? I have the other HSL iRule that got affected by the problematic iRule and it still is after the rollback.

     

  • Not 100% sure based on your environment, but it's probably safe to say that once a VIP has been demoted it will remain demoted until a VIP refresh (at the least).

     

  • Thanks again Kevin. May I ask what a VIP "Refresh" is? Are you referring to Disable/Enable of the VIP in BigIP or is it just the Refresh on the statistics tab?

     

  • This is where it gets hazy. I'd start with a simple update of the VIP config in the GUI. If that doesn't work, you may have to do a bigstart restart.

     

    Are there other iRules that may be demoting CMP?

     

  • But doesn't taking out an iRule (the rollback I mentioned earlier) do the Refresh?

     

  • Try this. From the BIG-IP command line, issue the following TMSH command against each virtual server:

    tmsh show /ltm virtual [virtual server name] all-properties
    

    Look for the CMP and CMP Mode values. This will indicate whether or not the VIP has been demoted. Technically, I believe CMP should be restored for new connections when you've removed anything that would cause it to demote, but you may end up having to do a restart.