Forum Discussion
LTM Policy Combining ASM and Forwarding - Not Working
Hi all,
I've combined two LTM policies that were both attached to a single VS. One just used Forwarding and the other effectively a "send all to ASM" default policy. Both policies are fairly simple as far as I'm concerned, but the combined policy (below) doesn't seem to work fully.
The last test I did, everything appeared to be OK, except for the "redirect-to-home" bit. It's supposed to ensure that if you enter the FQDN of the app and nothing else you get redirected to There are two ways in which this didn't work: 1) I just ended up with a blank page, which was not and 2) if I entered I would get redirected to
I tried each of the strategies, but all resulted in the same behaviour. I'm sure it's going to be something incredibly simple that I've overlooked - perhaps in disabling ASM in the redirect section? - but I can't seem to figure it out. I'm hoping someone can see an obvious error as I'm unable to re-apply this policy to the VS at the moment because the app is used quite heavily.
Thanks for any help.
Cheers, Ben.
    ltm policy policy-asm-someapp-uat-3 {
        controls { asm forwarding }
        requires { http }
        rules {
            default {
                actions {
                    0 {
                        asm
                        enable
                        policy /Common/asm-someapp-uat
                    }
                }
                ordinal 3
            }
            poolselect-by-host-value {
                actions {
                    0 {
                        forward
                        select
                        pool someappcaas-444.uat.somecorp.com
                    }
                    1 {
                        asm
                        enable
                        policy /Common/asm-someapp-uat
                    }
                }
                conditions {
                    0 {
                        http-host
                        host
                        values { someappcaas.uat.somecorp.com someapp.online.ecom.abc }
                    }
                }
                ordinal 2
            }
            redirect-to-home {
                actions {
                    0 {
                        asm
                        disable
                    }
                    1 {
                        http-reply
                        response
                        redirect
                        location https://[HTTP::host]/home
                    }
                }
                conditions {
                    0 {
                        http-uri
                        values { / }
                    }
                }
                ordinal 1
            }
        }
        strategy best-match
    }
4 Replies
- nitass
Employee
1) I just ended up with a blank page, which was not
it seems HTTP::host returns null.
configuration

    root@(B4200-R77-S7)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm virtual bar
    ltm virtual bar {
        destination 200.200.200.114:80
        ip-protocol tcp
        mask 255.255.255.255
        policies {
            policy-asm-someapp-uat-3 { }
        }
        pool foo
        profiles {
            http { }
            tcp { }
            websecurity { }
        }
        security-log-profiles {
            "Log illegal requests"
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        vs-index 2
    }
    root@(B4200-R77-S7)(cfg-sync Standalone)(Active)(/Common)(tmos) list ltm policy policy-asm-someapp-uat-3
    ltm policy policy-asm-someapp-uat-3 {
        controls { asm forwarding }
        requires { http }
        rules {
            default {
                actions {
                    0 {
                        asm
                        enable
                        policy /Common/bar
                    }
                }
                ordinal 3
            }
            poolselect-by-host-value {
                actions {
                    0 {
                        forward
                        select
                        pool foo
                    }
                    1 {
                        asm
                        enable
                        policy /Common/bar
                    }
                }
                conditions {
                    0 {
                        http-host
                        host
                        values { someappcaas.uat.somecorp.com someapp.online.ecom.abc }
                    }
                }
                ordinal 2
            }
            redirect-to-home {
                actions {
                    0 {
                        asm
                        disable
                    }
                    1 {
                        http-reply
                        response
                        redirect
                        location https://[HTTP::host]/home
                    }
                }
                conditions {
                    0 {
                        http-uri
                        values { / }
                    }
                }
                ordinal 1
            }
        }
        strategy best-match
    }

test

    [root@B4200-R77-S7:Active:Standalone] config curl -I http://172.28.24.10/ -H "Host: test.com"
    HTTP/1.0 302 Found
    Location: https:///home
    Server: BigIP
    Connection: Keep-Alive
    Content-Length: 0

2) if I entered I would get redirected to
i think this one is not redirected by local traffic policies (because you use equal in policies' condition).
- Ben_Johnson_191
Nimbostratus
Thanks for the superfast answer! I have double-checked that the iRules attached to the same VS do absolutely nothing with redirects. They're only manipulating cookies and removing unwanted headers from responses.
I'm a bit confused by the HTTP::host returning nothing as I'm certain that was working? However, that would explain the blank page as a response. Can you suggest what I could use in place of HTTP::host, given that the hostname in the request could be any one of three?
Thanks again for the help.
- nitass
Employee
Can you suggest what I could use in place of HTTP::host, given that the hostname in the request could be any one of three?
i tried IP::local_addr (replaced HTTP::host with IP::local_addr) and it returned correctly. i am not sure whether it is a bug or HTTP:: is not supported in location parameter. i do not find any known issue in knowledge base. if you want, you can also open a support case to verify.
- Ben_Johnson_191
Nimbostratus
Ah! I think it should be:
https://[getfield [HTTP::host]]/home
Found this on DevCentral: https://devcentral.f5.com/questions/creating-a-redirect-with-local-traffic-policies-v114
I haven't yet had a chance to try it. Pulling the host name from the original request is important because this VS will answer for three separate URLs (eg. someapp.somecorp.com, someapp.internal.abc, someapp.somecorp.local) and the LTM Policy needs to redirect to an appropriate pool based on the Host value.
I think I had used the "getfield [...]" option before, but for some reason thought I could get away with just using the HTTP::host portion, as used to work in HTTP Classes.
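Added example, not part of any post in this thread: a small offline check for the `redirect-to-home` response, run here against the `curl -I` output from the first reply. It flags the empty host in `Location` and, because the rule has no host condition, also flags a redirect that reflects a `Host` value the virtual server is not meant to answer for. The allowlist (built from the three example hostnames in the last post) and the function names are assumptions of this example.

```python
from urllib.parse import urlsplit

# Assumption: the three example hostnames given in the thread's last post.
ALLOWED_HOSTS = {
    "someapp.somecorp.com",
    "someapp.internal.abc",
    "someapp.somecorp.local",
}

# Response headers from the test in the first reply (request sent with Host: test.com).
REPLY_FROM_THREAD = """HTTP/1.0 302 Found
Location: https:///home
Server: BigIP
Connection: Keep-Alive
Content-Length: 0
"""


def parse_head(raw):
    """Split raw `curl -I` output into (status code, lower-cased header dict)."""
    lines = [ln for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def check_redirect(raw, sent_host):
    """Return the problems found in a redirect-to-home response (empty list = OK)."""
    status, headers = parse_head(raw)
    if status not in (301, 302, 307, 308):
        return [f"expected a redirect, got {status}"]
    problems = []
    loc = urlsplit(headers.get("location", ""))
    want = sent_host.split(":")[0].lower()  # the Host header may carry :port
    if loc.scheme != "https":
        problems.append("scheme is not https")
    if not loc.hostname:
        problems.append("empty host in Location")
    elif loc.hostname != want:
        problems.append(f"Location host {loc.hostname!r} is not the request host")
    elif want not in ALLOWED_HOSTS:
        problems.append("Location reflects a Host outside the allowlist")
    if loc.path != "/home":
        problems.append(f"path is {loc.path!r}, expected '/home'")
    return problems
```

Calling `check_redirect(REPLY_FROM_THREAD, "test.com")` reports the empty host; the same function can be fed saved `curl -I` output for each hostname after a policy change.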
