irule uri traffic redirection failing
Hello team,
I have to implement an iRule to redirect traffic based on URL.
So I made the following code:
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/specialurl" } {
        snatpool /NAT_Outside
        pool /Apps_pool
        log local0. "[IP::client_addr] Ingreso a [HTTP::uri]"
    }
}
The iRule works fine, but the owner of the application says that when the app (programmed in AJAX) calls another URI of the website, the service gets stuck in the pool "/App_pool".
I tried with an LTM policy and have the same behavior.
Has anyone had a similar case?
mplaksin0 First I would create a /32 netmask OneConnect profile and associate it with the virtual server in question. After you have done that, use the following iRule configuration, replacing whatever you might want to match in the if statement but leave everything else, and that should solve your issue.
when CLIENT_ACCEPTED {
    set DEFAULT_POOL [LB::server pool]
}
when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/specialurl" } {
        snatpool NAT_Outside
        pool Apps_pool
        log local0. "[IP::client_addr] Ingreso a [HTTP::uri]"
    } else {
        pool $DEFAULT_POOL
    }
}
Try to disable persistence using source address.
- mplaksin0Cirrus
I did a similar configuration, and it is true it works correctly. In the VS, use App_Pool as the default pool. In the iRule, indicate that if it "does not contain" /app_pool, redirect to the default pool, and it started to work.
- AubreyKingF5Moderator
Is the app using BIG-IP as its default gw?
Can you paste a tmsh list of the VIP?
What is the default pool? Isn't it "App_pool"?
Where are other URIs configured to go?
Probably the config of the VIP will help us figure it out.
- mplaksin0Cirrus
The default pool isn't App_pool.
The gateway of the VMs of the default pool is this BIG-IP, and App_Pool is the IP of a virtual server on another BIG-IP that is at another point of the network (we reach it via routing).
I attach the list.
I tried a policy that says "if the URI contains /specialurl forward traffic to pool App_Pool" and got the same behavior.
Maybe I can try to set the default pool as App_Pool and use a policy with "not contains /specialurl forward traffic to pool GOL (default)".
security presentation tmui virtual-list /GOL {
    dos-status none
    server {
        attack-status none
        bandwidth-bps 152744
        bandwidth-cps 0
        bandwidth-pps 66
        description none
        dst-addr x.x.x.x%12
        dst-port https
        evicting-active false
        eviction-policy none
        http-auto-threshold Disabled
        http-behavioral-signature-dos Disabled
        ip-intelligence-policy none
        l4-protocol 6
        l7-protocol http
        mask 255.255.255.255
        max-bandwidth-bps 4294967295
        max-bandwidth-cps 0
        max-bandwidth-pps 4294967295
        name /GOL
        netflow-profile none
        network-auto-threshold Disabled
        network-behavioral-signature-dos Disabled
        route-doman 12
        scrub-monitored false
        scrubbable-advertisement-method none-method
        scrubbable-bandwith-threshold 4294967295
        scrubbing-active false
        src-addr 0.0.0.0%12/0
        src-port any
        stress-level 0
        traffic-type inline
    }
    vlans none
}
Do a: list virtual "name of the vip" on both BIG-IPs.
For /specialurl: BIGip1 (VIP, pool: Apps_pool) -> BIGip2 (VIP: GOL)
for anything else : ????
- mplaksin0Cirrus
Hi mihaic,
Let me see if this is OK. I have no access to the specialurl BIG-IP. It is owned by another team. The iRule is not applied at this time, but it was yesterday in virtual GOL.
Thanks
ltm virtual /GOL {
    destination /x.x.x.x%12:https
    ip-protocol tcp
    last-modified-time 2022-10-18:14:15:01
    mask 255.255.255.255
    partition Proyectos
    persist {
        source_addr {
            default yes
        }
    }
    pool /pool_gol
    profiles {
        Fec {
            context clientside
        }
        Tec {
            context clientside
        }
        http { }
        serverssl-insecure-compatible {
            context serverside
        }
        tcp-lan-optimized {
            context clientside
        }
        tcp-wan-optimized {
            context serverside
        }
    }
    source 0.0.0.0%12/0
    source-address-translation {
        type automap
    }
    translate-address enabled
    translate-port enabled
    vs-index 137
}
ltm pool /apps_pool {
    members {
        /VS_OUTSIDE_F5:https {
            address x.x.x..x%12 <--- This IP is from the BIG-IP that I have no access to.
            session monitor-enabled
            state up
        }
    }
    monitor gateway_icmp
    partition Proyectos
}