PT2012_73791
Oct 22, 2015

LB irule and where to place it within an existing rule

Good morning all. I need help with an irule that might be better as an addition to an existing one rather than a new one.

 

We currently have an external F5 forwarding mail requests to an internal F5. This then has 2 irules associated with it for appending, persistence and LB. The only pools configured including default pool are set within the irules.

 

What I need to do is add an additional pool OWA_webconsole_pool and forward any traffic with /webconsole in the HTTP Request to that pool. My issue is that I don't want to interfere with the existing rules and the basic rule I'd use has a default pool as its fall back. If I put this as a new rule last won't it negate any previous rules?

 

Here's what I want to do:

 

 when HTTP_REQUEST {
     if { [HTTP::uri] contains "/webconsole" } {
       pool OWA_webconsole_pool
     } else {
       pool $def_pool
       }
   }

but here are the 2 rules in order that already exist.

 

when HTTP_REQUEST {
             if { ([HTTP::uri] == "/") } {
                HTTP::uri /owa
            }
        }

This seems to add /owa to all HTTP requests. Will this overwrite any command coming in with /webconsole on the end?

 

when HTTP_REQUEST {

    # CHANGE ALL POOL NAMES TO MATCH THOSE IN YOUR ENVIRONMENT.
    # YOU MIGHT CHOOSE TO USE THE SAME POOL FOR OWA, ECP and EWS.
    # OAB and Autodiscover do not require persistence.

    switch -glob -- [string tolower [HTTP::path]] {
        "/microsoft-server-activesync" {
            # Direct all ActiveSync clients to a common pool; use Auth
            # header value if it exists (Basic auth only, which is the
            # default); otherwise we fall back to client IP
            if { [HTTP::header exists "APM_session"] } {
                persist uie [HTTP::header "APM_session"] 7200
            } elseif { [HTTP::header exists "Authorization"] } {
                persist uie [HTTP::header "Authorization"] 7200
            } else {
                persist source_addr
            }
            pool OwaMail_combined_vs_owa_pool
            return
        }

        "/ews*" {

            if { [HTTP::header exists "APM_session"] } {
                persist uie [HTTP::header "APM_session"] 7200
            } else {
                persist cookie
            }

            pool OwaMail_combined_vs_owa_pool
            return
        }
        "/ecp*" {

            if { [HTTP::header exists "APM_session"] } {
                persist uie [HTTP::header "APM_session"] 7200
            } else {
                persist cookie
            }
            pool OwaMail_combined_vs_owa_pool
            return
        }

        "/oab*" {
            pool OwaMail_combined_vs_owa_pool
            return
        }

        "/rpc/rpcproxy.dll" {
            if { [HTTP::header exists "APM_session"] } {
                persist uie [HTTP::header "APM_session"] 7200
            } else {
                switch -glob [string tolower [HTTP::header "User-Agent"]] {
                    "msrpc" {
                        if { [HTTP::cookie exists "OutlookSession"] } {
                            persist uie [HTTP::cookie "OutlookSession"] 7200
                        } else {
                            persist uie [HTTP::header "Authorization"] 7200
                        }
                    }

                    "*microsoft office*" {
                        # This section matches some versions of Outlook 2007 on Windows XP
                        persist uie [HTTP::header "Authorization"] 7200
                    }
                    default {
                        # This section catches all other requests for Outlook
                        # Anywhere, and sets a persistence method that does
                        # not require the client to support HTTP cookies

                        persist source_addr
                    }
                }
            }

            # Finally, this assigns the Outlook Anywhere pool. If the preceding clients
            # should be sent to separate pools, the pool statement should be removed
            # here, and a separate pool statement placed in each of the preceding
            # logic branches.

            pool OwaMail_combined_vs_owa_pool

            return
        }

        "/autodiscover*" {
            # Requests for Autodiscovery information. No Persistence.
            pool OwaMail_combined_vs_ad_pool
            return
        }

        default {
            # This final section takes all traffic that has not otherwise
            # been accounted for and sends it to the pool for Outlook Web App

            if { [HTTP::header exists "APM_session"] } {
                persist uie [HTTP::header "APM_session"] 7200
            } else {
                persist cookie
            }
            pool OwaMail_combined_vs_ad_pool
        }
    }
}

when HTTP_RESPONSE {
    if { [HTTP::header values WWW-Authenticate] contains "Negotiate" } {
        ONECONNECT::detach disable
        log local0. "OC disabled for Negotiate my_ex_single_persist"
    }
}

This makes all the major LB and persistence decisions but I'm not sure where I would insert my new code to ensure that it only applied to /webconsole traffic and left everything else alone. I assume I would need to remove the pool $def_pool line.

 

Any advice would be hugely appreciated.

 

  • Simple enough, your second iRule should look like this:

    when HTTP_REQUEST {
    
       # CHANGE ALL POOL NAMES TO MATCH THOSE IN YOUR ENVIRONMENT.
       # YOU MIGHT CHOOSE TO USE THE SAME POOL FOR OWA, ECP and EWS.
       # OAB and Autodiscover do not require persistence.
    
       switch -glob -- [string tolower [HTTP::path]] {
          "/microsoft-server-activesync" {
             # Direct all ActiveSync clients to a common pool; use Auth
             # header value if it exists (Basic auth only, which is the
             # default); otherwise we fall back to client IP
             if { [HTTP::header exists "APM_session"] } {
                persist uie [HTTP::header "APM_session"] 7200
             } elseif { [HTTP::header exists "Authorization"] } {
                persist uie [HTTP::header "Authorization"] 7200
             } else {
                persist source_addr
             }
             pool OwaMail_combined_vs_owa_pool
             return
          }
    
          "/ews*" {
    
             if { [HTTP::header exists "APM_session"] } {
                persist uie [HTTP::header "APM_session"] 7200
             } else {
                persist cookie
             }
    
             pool OwaMail_combined_vs_owa_pool
             return
          }
          "/ecp*" {
    
             if { [HTTP::header exists "APM_session"] } {
                persist uie [HTTP::header "APM_session"] 7200
             } else {
                persist cookie
             }
             pool OwaMail_combined_vs_owa_pool
             return
          }
    
          "/oab*" {
             pool OwaMail_combined_vs_owa_pool
             return
          }
    
          "/rpc/rpcproxy.dll" {
             if { [HTTP::header exists "APM_session"] } {
                persist uie [HTTP::header "APM_session"] 7200
             } else {
                switch -glob [string tolower [HTTP::header "User-Agent"]] {
                   "msrpc" {
                      if { [HTTP::cookie exists "OutlookSession"] } {
                         persist uie [HTTP::cookie "OutlookSession"] 7200
                      } else {
                         persist uie [HTTP::header "Authorization"] 7200
                      }
                   }
    
                   "*microsoft office*" {
                      # This section matches some versions of Outlook 2007 on Windows XP
                      persist uie [HTTP::header "Authorization"] 7200
                   }
                   default {
                      # This section catches all other requests for Outlook
                      # Anywhere, and sets a persistence method that does
                      # not require the client to support HTTP cookies
                      persist source_addr
                   }
                }
             }
    
             # Finally, this assigns the Outlook Anywhere pool. If the preceding clients
             # should be sent to separate pools, the pool statement should be removed
             # here, and a separate pool statement placed in each of the preceding
             # logic branches.
    
             pool OwaMail_combined_vs_owa_pool
    
             return
          }
    
          "/autodiscover*" {
             # Requests for Autodiscovery information. No Persistence.
             pool OwaMail_combined_vs_ad_pool
             return
          }
          "/webconsole*" {
             pool OWA_webconsole_pool
          }
    
          default {
             # This final section takes all traffic that has not otherwise
             # been accounted for and sends it to the pool for Outlook Web App
    
             if { [HTTP::header exists "APM_session"] } {
                persist uie [HTTP::header "APM_session"] 7200
             } else {
    
                persist cookie
             }
             pool OwaMail_combined_vs_ad_pool
          }
       }
    }
    
    when HTTP_RESPONSE {
        if { [HTTP::header values WWW-Authenticate] contains "Negotiate" } {
            ONECONNECT::detach disable
            log local0. "OC disabled for Negotiate my_ex_single_persist"
        }
    }
    

    So webconsole is added as another label for the same switch-statement that selects all the other pools depending on the path of the URI. So the logic certainly belongs in this iRule. To answer your questions - it is correct to merge this into the same iRule because it deals with the same type of decision, but even if you put it as a separate rule it wouldn't negate anything done previously unless there was a conflict between the two iRules. These iRules all handle different URIs so there's no conflict.

    And the iRule that adds "owa" only does so when the URI is exactly "/". It probably should look for an empty URI as well but I guess the webserver will handle that.

  • Thank you, thank you. That makes sense and gives me some confidence that I was on the right track (even if I need help to see the light).

     

    I just had misgivings about my reasoning because obviously if it went wrong it had big implications for the whole VIP.

     

    I'll read it through again to make sure I understand it and then we'll see how it goes.

     

    Cheers
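
Added example, not part of the original thread or either poster's code: a Python model of the two HTTP_REQUEST iRules run in order (root rewrite, then the merged path switch), set beside the `[HTTP::uri] contains "/webconsole"` test from the question. Persistence is omitted, Python's `fnmatch` stands in for Tcl glob matching, and the sample URIs are constructed.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Switch labels and pools from the merged iRule in the thread, in order.
# Persistence settings are left out; only pool selection is modelled.
CASES = [
    ("/microsoft-server-activesync", "OwaMail_combined_vs_owa_pool"),
    ("/ews*", "OwaMail_combined_vs_owa_pool"),
    ("/ecp*", "OwaMail_combined_vs_owa_pool"),
    ("/oab*", "OwaMail_combined_vs_owa_pool"),
    ("/rpc/rpcproxy.dll", "OwaMail_combined_vs_owa_pool"),
    ("/autodiscover*", "OwaMail_combined_vs_ad_pool"),
    ("/webconsole*", "OWA_webconsole_pool"),
]
DEFAULT_POOL = "OwaMail_combined_vs_ad_pool"  # pool named in the default branch


def rewrite_root(uri):
    """First iRule: only a URI of exactly "/" is rewritten to /owa."""
    return "/owa" if uri == "/" else uri


def pool_by_path(uri):
    """Both iRules in order: rewrite, then switch -glob on the lowercased path."""
    path = urlsplit(rewrite_root(uri)).path.lower()
    for pattern, pool in CASES:
        if fnmatchcase(path, pattern):
            return pool
    return DEFAULT_POOL


def matches_uri_contains(uri):
    """The condition from the question: [HTTP::uri] contains "/webconsole"."""
    return "/webconsole" in uri


# Constructed sample requests (not taken from the thread).
SAMPLES = ["/", "/webconsole", "/WebConsole/login", "/webconsole?x=1",
           "/owa/?url=/webconsole", "/ecp/webconsole", "/ews/exchange.asmx"]

if __name__ == "__main__":
    for uri in SAMPLES:
        print(f"{uri:26} path-switch={pool_by_path(uri):30} "
              f"uri-contains={matches_uri_contains(uri)}")
```

The URI-substring test also matches `/owa/?url=/webconsole` and `/ecp/webconsole` and misses `/WebConsole/login`, while the path switch sends only paths that begin with `/webconsole` to `OWA_webconsole_pool`.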