For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

scott_sams_8256's avatar
scott_sams_8256
Icon for Nimbostratus rankNimbostratus
Oct 22, 2007

mixed irule?

i am new to irules so forgive my ignorance.

 

 

we use a simple irule as follows. i want to do a redirect to a url on the else (public inbound traffic) during maintenance).

 

 

when CLIENT_ACCEPTED {

 

checks to see if client_addr = any in the class

 

if { [matchclass [IP::client_addr] equals $::private_net]} {

 

snat automap

 

use pool g_pool

 

} else {

 

snat none

 

use pool g_pool

 

}

 

}

 

 

i had looked at using http_redirect but that isnt valid under the client_accepted. is there another way to do this?

 

 

thanks,

 

scott

 

 

application delivery
dev
devops
iRules

3 Replies

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Oct 22, 2007
    You can only use an HTTP:: command once the HTTP has been parsed. The HTTP hasn't been parsed in the CLIENT_CONNECTED event, so the HTTP::redirect command is invalid. You can issue a redirect in the HTTP_REQUEST event though (when LTM parses the HTTP headers in a request). If you only want to redirect the client during a maintenance window, you could use a separate rule: 

    
when HTTP_REQUEST {
   checks to see if client_addr = any in the class
   if { not ([matchclass [IP::client_addr] equals $::private_net])} {
      HTTP::redirect http://maintenance.example.com
   }
}

    Else, if you want to combine the two in the HTTP_REQUEST event, here's an example:

    
when HTTP_REQUEST {
    checks to see if client_addr = any in the class
   if { [matchclass [IP::client_addr] equals $::private_net]} {
      snat automap
      use pool g_pool
   } else {
      HTTP::redirect http://maintenance.example.com
       snat none
       use pool g_pool
   }
}

    Aaron
  • scott_sams_8256's avatar
    scott_sams_8256
    Icon for Nimbostratus rankNimbostratus
    Oct 22, 2007
    Thanks Aaron. I guess I can create a second irul (your second example) and just switch which irule we use during the window. That is what I was looking for I think. I guess now it makes me question what the CLIENT_ACCEPTED is used for. It appears to me there is no reason other than picking an irule type?
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Oct 22, 2007
    That should work fine.

     

     

    The CLIENT_ACCEPTED event is triggered (for a virtual server with a TCP profile) when a client establishes a TCP connection with the virtual server. HTTP_REQUEST is triggered when there is an HTTP profile associated with the VIP and LTM parses the HTTP headers in the request. For more detail on the events, you can check the wiki page (Click here). Note that the list of valid commands for each event is fairly incomplete.

     

     

    Aaron