Irule with Multiple HTTP checks

You can get the response status in the HTTP_RESPONSE event, but you have to get the Host and URI from a clientside event. This means you have to save the URI for every request to that server. Here's an example:

when HTTP_REQUEST {
    use IP::addr to compare Host header value with the IP we're looking for
   if {[IP::addr [HTTP::header value Host] equals 1.1.1.1]}{
       for a match, save the URI to log if the response is a 400
      set uri [HTTP::uri]
   }
}
when HTTP_RESPONSE {
    check if HTTP response status is a 400
   if {[HTTP::status] == 400}{
       Log the client IP address and the URI
      log local0. "[IP::client_addr] -> $uri generated 400 response"
   }
}

I didn't test this, but it looks right.

Aaron

Aaron,

 

 

Thanks for the quick response, the virtual server that this would be used on hast two hosts would the IP::addr show the VIP or the actual hostname?

 

 

Cheers

 

 

Tim

HTTP::header value Host would return what the client enters in the address bar between the protocol and the URI. For http://test.example.com:80/path/to/file.ext?parameter=value, the Host would be test.example.com:80. If a user accessed https://1.1.1.1/somefile.txt, the Host would be 1.1.1.1.

 

 

What the is the exact criteria for when you want to log the URI for 400 responses? I can then give you more examples.

 

 

Aaron

Aaron,

 

 

I need to monitor client requests to a loadbalanced VIP (destinations node1 and node2), I need to monitor one set URI if the response is HTTP400 and have the information ip ie node1 or node2, so I can trigger an log event then send an snmp trap

 

 

Cheers

 

 

Tim

So do you want to log which server the 400 response was received from--regardless of which one it was? If so, this example will log the client and server IP's and the requested URI for all 400 responses. If that's not what you're after, can you clarify again?

when HTTP_REQUEST {
    save the URI to log if the response is a 400
   set uri [HTTP::uri]
}
when HTTP_RESPONSE {
    check if HTTP response status is a 400
   if {[HTTP::status] == 400}{
       Log the client and server IP addresses and the URI
      log local0. "[IP::client_addr] -> [IP::server_addr] for $uri generated 400 response"
   }
}

Aaron

Hey Aaron,

 

 

Nearly there, I need to specify the url, for example google.com.

 

 

Once again thanks for the help with this.

 

 

Cheers

 

 

Tim

If we say that www.example.com is the host and /index.html is the URI, do you want to log only for some host header values or only for some URIs? Do you have a few hosts or URIs or a lot?

 

 

Thanks,

 

Aaron

That was a bad example from me, just one URI /example/login.jsp

 

 

Cheers

 

 

Tim

One other thing that would be good, I have checked the docs I have but cannot find it, Is it possible to mark a node as down with an irule? So for the above rule, if it notice the node1 was failing then it only sent to node2 and marked node1 as inactive?

 

 

Tim

Good to hear the rule looks good. You could mark a node down using LB::down (Click here).

 

 

It would be good to also configure a monitor which replicates the login process and expects a non-HTTP 400 in order to mark the node up. You can check the LTM config guide for your version to get examples for configuring the send and receive strings for HTTP monitors.

 

 

The advantage to also using a monitor is that the pool members will still be polled even when marked down to see if they're responding again. If you mark the pool member down, you need either a monitor or manual intervention to mark it up again.

 

 

Aaron