For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Miro_62112's avatar
Miro_62112
Icon for Altostratus rankAltostratus
Oct 02, 2013

Irules persistence source_addr

Hi,

I have requirement where someone hits www.bac.com/admin is redirected to www.abc.com/admin-login.html and then persist with server even if go back to main page.

i have wrote Irule, maybe not pretty but i want to do some testing with source persistence. irule looks like:

    when HTTP_REQUEST { 
 log local0. "host: [HTTP::host] , url: [HTTP::uri] , proto [TCP::local_port]"
switch [string tolower [HTTP::host] ]  { 
        "www.abc.com" {
    if { [string tolower [HTTP::uri] ] equals "/admin"  } then  {

             HTTP::respond 302 Location "admin-login.html"

               }

    if { [string tolower [HTTP::uri] ] equals "/admin-login.html" } then {

                 persist  source_addr 255.255.255.255   3600
                 } 
                if { [persist lookup source_addr "[IP::client_addr] any virtual  " node] ne ""} then {
                set mypool [persist lookup source_addr "[IP::client_addr] any service " pool  ]
                set mynode [persist lookup source_addr "[IP::client_addr] any service " node  ]
                set myservice [persist lookup source_addr "[IP::client_addr] any service " port  ]
                pool $mypool member $mynode 
                log local0. "pool:$mypool , node: $mynode , service: $myservice"
               persist source_addr 255.255.255.255 3600 
               log local0. "pool:$mypool , node: $mynode , service: $myservice"
              }


    }
     }
}

when i look into logs i can see that pool and service is changing however in presistent table is still same i just wonder why is that


Oct  2 11:29:05 local/tmm info tmm[4247]: Rule www.abc.com-2 : host: www.abc.com , url: / , proto 80


Oct  2 11:29:06 local/tmm info tmm[4247]: Rule www.abc.com-2 : host: www.abc.com , url: / , proto 80
Oct  2 11:29:13 local/tmm info tmm[4247]: Rule www.abc.com-2 : host: www.abc.com , url: /test.html , proto 80
Oct  2 11:29:20 local/tmm info tmm[4247]: Rule www.abc.com-2 : host: www.abc.com , url: /admin , proto 80
Oct  2 11:29:20 local/tmm info tmm[4247]: Rule www.abc.com-2 : host: www.abc.com , url: /admin-login.html , proto 80
Oct  2 11:29:34 local/tmm info tmm[4247]: Rule www.abc.com-2 : host: www.abc.com , url: / , proto 80
Oct  2 11:29:34 local/tmm info tmm[4247]: Rule www.abc.com-2 : pool:pool1-5 , node: 192.168.200.11%1 , service: 80
Oct  2 11:29:34 local/tmm info tmm[4247]: Rule www.abc.com-2 : pool:pool1-5 , node: 192.168.200.11%1 , service: 80
Oct  2 11:29:45 local/tmm info tmm[4247]: Rule www.abc.com-2 : host: www.abc.com , url: / , proto 443
Oct  2 11:29:45 local/tmm info tmm[4247]: Rule www.abc.com-2 : pool:pool-https , node: 192.168.200.11%1 , service: 81
Oct  2 11:29:45 local/tmm info tmm[4247]: Rule www.abc.com-2 : pool:pool-https , node: 192.168.200.11%1 , service: 81
Oct  2 11:29:57 local/tmm info tmm[4247]: Rule www.abc.com-2 : host: www.abc.com , url: /test.html , proto 443
Oct  2 11:29:57 local/tmm info tmm[4247]: Rule www.abc.com-2 : pool:pool-https , node: 192.168.200.11%1 , service: 81
Oct  2 11:29:57 local/tmm info tmm[4247]: Rule www.abc.com-2 : pool:pool-https , node: 192.168.200.11%1 , service: 81
Oct  2 11:30:05 local/tmm info tmm[4247]: Rule www.abc.com-2 : host: www.abc.com , url: /test.html , proto 80
Oct  2 11:30:05 local/tmm info tmm[4247]: Rule www.abc.com-2 : pool:pool1-5 , node: 192.168.200.11%1 , service:
 80
Oct  2 11:30:05 local/tmm info tmm[4247]: Rule www.abc.com-2 : pool:pool1-5 , node: 192.168.200.11%1 , service: 80


TMM           0

Mode          source-address

Key           192.168.199.1

Age (sec.)    1060

Virtual Name  vip2

Virtual Addr  2620:0:c10:f501:0:1:c0a8:c70a:80

Node Addr     2620:0:c10:f501:0:1:c0a8:c80b:80

Pool Name     pool1-5

Client Addr   192.168.199.1%1
application delivery
devops
iRules

4 Replies

  • iamsajjad's avatar
    iamsajjad
    Icon for Cirrus rankCirrus
    Jun 27, 2025

    It's frustrating there is so few documenation on irule. Looks like you have good handle on this session sticky. I need to log timeout value if client IP matches with source IP of persistence reocrd. Wonder if you can give any lead? :) Thanks in advance.

  • Miro_62112's avatar
    Miro_62112
    Icon for Altostratus rankAltostratus
    Oct 02, 2013

    The problem is i want to accomplish it by Irules, this is more study case than real life, however by doing this i can learn.

     

    The I rule i actually working as expected however changing pool and service drives me crazy i just do not understand why when i do lookup on peristent table i got value for pool "pool-http" where in fact table contains pool1-5 as show above.

     

    So can someone advise and help me understand this behavior ?

     

    Regards,

     

  • Jason_40733's avatar
    Jason_40733
    Icon for Cirrocumulus rankCirrocumulus
    Oct 02, 2013

    In a source IP persistence profile, there are options to do the following:

     

    Match Across Services

     

    Match Across Virtual Servers

     

    Match Across Pools

     

    That might do what you're looking for without the iRules and complicated setups.