Forum Discussion
funkdaddy_31014
Nimbostratus
Nimbostratusmaintenance iRule behavior - multiple redirect/respond and event disable
Hello iRules gurus!
We have an iRule called "maintenance" that we put up on many VIPs (with highest priority - fires first) at once when we're doing scheduled maintenance that should respond to all client requests from outside our network with HTML showing that the site is under maintenance. Only problem is that it doesn't behave exactly as designed. The iRule below generally works EXCEPT when one of the other iRules on the associated VIPs hits an HTTP::respond or HTTP::redirect, in which case we get a TCL Error "Multiple redirect/respond invocations not allowed".
Maintenance iRule:
when HTTP_REQUEST priority 10 {
if { ([matchclass [IP::client_addr] equals $::internal_net]) } {
for matched IPs - allows pass-thru
} else {
switch -glob [HTTP::path] {
"/xyz" {
exception to maint page - do something here
}
default {
HTTP::respond 200 content {
html content here
}
event disable
}
}
}
}
I have tried the adding an "event disable" (see commented out line above) to stop future HTTP_REQUEST events from firing. This appears to work but ONLY on the first load. Successive refreshes from the client browser will, for some reason, then bypass the maintenance page and display the content we're trying to block from the outside. Does anyone have a reasonable explanation for why that fails?
Short of catching all the HTTP::respond and HTTP::redirect's from the other iRules, is there a better solution or implementation of "event disable" to make this work?
Thanks!
-funkdaddy
funkdaddy_31014Posted By funkdaddy on 11/21/2011 04:10 PM
Hello iRules gurus!
We have an iRule called "maintenance" that we put up on many VIPs (with highest priority - fires first) at once when we're doing scheduled maintenance that should respond to all client requests from outside our network with HTML showing that the site is under maintenance. Only problem is that it doesn't behave exactly as designed. The iRule below generally works EXCEPT when one of the other iRules on the associated VIPs hits an HTTP::respond or HTTP::redirect, in which case we get a TCL Error "Multiple redirect/respond invocations not allowed".
Maintenance iRule:
when HTTP_REQUEST priority 10 {
if { ([matchclass [IP::client_addr] equals $::internal_net]) } {
for matched IPs - allows pass-thru
} else {
switch -glob [HTTP::path] {
"/xyz" {
exception - do something here
}
default {
HTTP::respond 200 content {
Site Maintenance Notice
}
event disable
}
}
}
}
I have tried the adding an "event disable" (see commented out line above) to stop future HTTP_REQUEST events from firing. This appears to work but ONLY on the first load. Successive refreshes from the client browser will, for some reason, then bypass the maintenance page and display the content we're trying to block from the outside. Does anyone have a reasonable explanation for why that fails?
Short of catching all the HTTP::respond and HTTP::redirect's from the other iRules, is there a better solution or implementation of "event disable" to make this work?
Thanks!
-funkdaddy
nitassEmployee
would you mind trying to put HTTP::close after HTTP::respond?
HTTP::close wiki
http://devcentral.f5.com/wiki/iRules.HTTP__close.ashx- funkdaddy_31014Thanks nitass for your response.
F5 support made a similar recommendation - put a TCP::close right after the response.
And (drumroll please...) I'm happy to say that either one (HTTP::close or TCP::close) fixes the problem!
Thanks for your help.
So now my WORKING maintenance iRule is:
when HTTP_REQUEST priority 10 {
if { ([matchclass [IP::client_addr] equals $::internal_net]) } {
for matched IPs - allows pass-thru
} else {
switch -glob [HTTP::path] {
"/xyz" {
exception to maint page - do something here
}
default {
HTTP::respond 200 content {
html content here
}
TCP::close
event disable
}
}
}
}