N__197982
Oct 02, 2017

iRule to detect HTTP and TCP requests and then do some magic.

I have an iRule working fine which takes an HTTP hostname, strips the external domain name and then appends the internal domain name. The F5 does a lookup for this internal domain name and sets the resolved IP address as the member for the VIP. All this works fine with the F5 doing its magic for HTTP requests.

 

Now the requirement is to support a normal TCP connection in the same iRule which may not be an HTTP request. I did some checks and saw that we can collect the TCP::request for the initial bytes. Any suggestion how the incoming hostname can be captured in that? The incoming hostname would be something like xxx-xxx-xxxx.externaldomain.com.

 

Further, will HTTP and TCP be supported in the same iRule?

 

  • Hi,

     

    There is no magic: LTM knows how to decode the HTTP protocol and allows you to read headers.

     

    Do you know what application you want to manage like HTTP? If yes, you can decode it to read the hostname (if it exists, it’s not sure) and forward the TCP connection to the internal host.

     

  • In addition to what Stanislas said, also note that with your existing iRule, you are using http commands and events which means that you have an http profile on your Virtual Server. What the profile does is it makes the BIG-IP parse http headers, which means that the traffic must conform to some base minimum of the http standard. That in turn means that traffic that isn't http going through that Virtual Server will fail, since the BIG-IP will drop non-http traffic. So it's unlikely that you will be able to handle both types of traffic on the same Virtual Server.

     

    Supposedly there's a way around that by creating a http profile that uses transparent as the proxy type, but I haven't played around too much with that so I'm not sure how well that actually works.

     

    • N__197982

      Here is what I managed to work on. I will be setting a static port for this custom TCP application to run. The HTTP iRule can run as it is to work on present requests.

       

      The iRule I worked on is:

       

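      when CLIENT_ACCEPTED {
          log local0.debug "CLIENT_ACCEPTED"
          # Buffer the first 50 bytes of the client payload
          TCP::collect 50
      }
      when CLIENT_DATA {
          if { [TCP::payload 50] contains "external.com" } {
              # hostname capture and lookup still to be written (see below)
          }
      }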

       

      Now, I want to capture the name which is before the external.com and put that in a variable. Then do a lookup using that name with internal.com appended.

       

      After that, take that name.internal.com and set the resolved IP address as the pool member.

       

      Any comments?

       

    • Henrik_Gyllkran

      Yeah, I would use a stream expression to deal with rewriting the data, since you can't use HTTP commands. Have a look at the STREAM::expression syntax for some examples.

       

    • N__197982

      In this case the stream before the .external.com will have to be queried. How can that be done?
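
An added example, not part of the thread and not any poster's or F5's own code: one way to capture the label in front of `.external.com` from the collected payload, treating it as untrusted client input before it drives a DNS lookup and backend selection. The DNS server 10.0.0.53, the 10.0.0.0/8 internal range, and the availability of `RESOLV::lookup` on the BIG-IP version in use are assumptions.

```tcl
# Added example (not from the thread). Assumptions: the client sends the
# hostname as plain text within the first 50 bytes, 10.0.0.53 is the internal
# DNS server, 10.0.0.0/8 is the only range backends may live in, and
# RESOLV::lookup is available on this BIG-IP version.
when CLIENT_ACCEPTED {
    TCP::collect 50
}
when CLIENT_DATA {
    # Capture exactly one DNS label directly in front of ".external.com".
    # The character class excludes dots, so the client cannot smuggle extra
    # labels into the internal name; the lookahead rejects names that merely
    # start with "<label>.external.com" and continue (e.g. ".external.community").
    set re {(?:^|[^a-z0-9.-])([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)\.external\.com(?![a-z0-9.-])}
    if { ![regexp -nocase $re [TCP::payload 50] -> label] } {
        log local0.warning "no valid hostname in payload from [IP::client_addr]"
        reject
        return
    }

    # Build the internal name from the validated label only.
    set name "[string tolower $label].internal.com"

    # Resolve against the internal DNS server; take the first A record.
    set ip [lindex [RESOLV::lookup @10.0.0.53 -a $name] 0]

    # Refuse empty answers and anything outside the expected backend range,
    # so a client-chosen name cannot steer the connection elsewhere.
    if { $ip eq "" || ![IP::addr $ip equals 10.0.0.0/8] } {
        log local0.warning "refusing $name (resolved to '$ip') for [IP::client_addr]"
        reject
        return
    }

    # Send the connection to the resolved address on the VIP's port,
    # then hand the buffered bytes on to the server side.
    node $ip [TCP::local_port]
    TCP::release
}
```

Matching with an anchored pattern instead of `contains "external.com"` means only a well-formed single label is ever used to build the internal name, and the range check keeps the resolved address inside the set of intended backends.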