For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Joe_Erchul_4263's avatar
Joe_Erchul_4263
Icon for Nimbostratus rankNimbostratus
Feb 28, 2013

iRule to redirect users to a pool based on POST data

Gang,

 

 

I'm trying to direct a subset of my users to different pools based on their POST data. This is what I have thusfar:

 

 

 

when HTTP_REQUEST {

 

if { [HTTP::method] equals "POST" } {

 

if {[HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576} {

 

set content_length [HTTP::header "Content-Length"]

 

} else {

 

set content_length 1048576

 

}

 

HTTP::collect $content_length

 

}

 

}

 

when HTTP_REQUEST_DATA {

 

if { (([HTTP::payload] contains "end-user=aaaaa") or

 

([HTTP::payload] contains "end-user=bbbb") or

 

...

 

...

 

...

 

([HTTP::payload] contains "end-user=zzzzz"))} {

 

log local0. "User redirected"

 

pool A_pool

 

} else {

 

pool B_pool }

 

}

 

 

This doesn't appear to be getting me the correct end-users hitting the A_pool.

 

 

Anything glaringly apparent to this group?

 

 

Thanks.

 

 

Joe

 

application delivery
dev
devops
iRules

2 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Mar 01, 2013
    the irule looks okay to me.

    have you run tcpdump? was there any suspicious there?

    tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host x.x.x.x or host y.y.y.y and port zzz

    x.x.x.x is virtual server ip

    y.y.y.y is pool member ip

    zzz is port number

    this is my testing. 

    [root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   destination 172.28.19.252:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST {
  if { [HTTP::method] equals "POST" } {
    if {[HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576} {
      set content_length [HTTP::header "Content-Length"]
    } else {
      set content_length 1048576
    }
    HTTP::collect $content_length
  }
}
when HTTP_REQUEST_DATA {
  if  { (([HTTP::payload] contains "end-user=aaaaa") or
    ([HTTP::payload] contains "end-user=bbbb") or
    ([HTTP::payload] contains "end-user=zzzzz"))} {
    log local0. "User redirected"
    pool A_pool
  } else {
    pool B_pool
  }
}
when HTTP_RESPONSE {
  log local0. "cs [IP::client_addr]:[TCP::client_port] > [clientside {IP::local_addr}]:[clientside {TCP::local_port}] ss [IP::local_addr]:[TCP::local_port] > [IP::remote_addr]:[TCP::remote_port] pool [LB::server pool]"
}
}
[root@ve10:Active] config  b pool A_pool list
pool A_pool {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config  b pool B_pool list
pool B_pool {
   members 200.200.200.111:80 {}
}

 end-user=aaaaa payload

[root@ve10:Active] config  curl --data "end-user=aaaaa" http://172.28.19.252/



This is 101 host.



[root@ve10:Active] config  cat /var/log/ltm
Mar  1 17:58:46 local/tmm info tmm[22185]: Rule myrule : User redirected
Mar  1 17:58:46 local/tmm info tmm[22185]: Rule myrule : cs 172.28.19.253:48674 > 172.28.19.252:80 ss 200.200.200.10:48674 > 200.200.200.101:80 pool A_pool

 end-user=somethingelse payload

[root@ve10:Active] config  curl --data "end-user=somethingelse" http://172.28.19.252/


This is 111 host.


[root@ve10:Active] config  cat /var/log/ltm
Mar  1 18:00:11 local/tmm info tmm[22185]: Rule myrule : cs 172.28.19.253:48685 > 172.28.19.252:80 ss 200.200.200.10:48685 > 200.200.200.111:80 pool B_pool
  • Richie_77270's avatar
    Richie_77270
    Icon for Nimbostratus rankNimbostratus
    Mar 21, 2013
    That looks like exactly what I am trying to do. Thank you very much Nitass!