Forum Discussion
Angelo
Nimbostratus
Oct 23, 2012
Multiple i-rules on one VS
Hi
I have a request from a client to create a VS with two rules that need to be applied to it. One: if traffic comes in on http I should send it to a specific pool, if traffic comes in as http I should send it to another pool; that's working. The second part is the problem: if traffic comes in to /apps* on http, send it to a third pool; if traffic comes in on https for /apps*, send it to a fourth pool. I'm not sure how to do this....
29 Replies
- Mohamed_Lrhazi
Altocumulus
you need :
- nitass
Employee
is it something like this? if not, can you provide more detail?

```
[root@ve10:Active] config b virtual bar list
virtual bar {
   snat automap
   destination 172.28.19.79:20175
   ip protocol 6
   rules myrule
   profiles {
      http {}
      myclientssl {
         clientside
      }
      tcp {}
   }
}
[root@ve10:Active] config b profile myclientssl list
profile clientssl myclientssl {
   defaults from clientssl
   nonssl enable
}
[root@ve10:Active] config b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
      set is_ssl 0
   }
   when CLIENTSSL_HANDSHAKE {
      set is_ssl 1
   }
   when HTTP_REQUEST {
      if { [string tolower [HTTP::uri]] starts_with "/apps" } {
         if { $is_ssl } {
            pool foo1
         } else {
            pool foo2
         }
      }
   }
}
[root@ve10:Active] config b pool foo1 list
pool foo1 {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config b pool foo2 list
pool foo2 {
   members 200.200.200.111:80 {}
}
```

ssl

```
[root@ve10:Active] config ssldump -Aed -nni 0.0 port 20175 or port 80 -k /config/ssl/ssl.key/default.key
New TCP connection 1: 172.28.20.11(41472) <-> 172.28.19.79(20175)
1 1 1350977338.6448 (0.0151) C>S SSLv2 compatible client hello
1 2 1350977338.6448 (0.0000) S>CV3.1(81) Handshake
1 3 1350977338.6448 (0.0000) S>CV3.1(953) Handshake
1 4 1350977338.6448 (0.0000) S>CV3.1(4) Handshake
1 5 1350977338.6468 (0.0019) C>SV3.1(262) Handshake
1 6 1350977338.6468 (0.0000) C>SV3.1(1) ChangeCipherSpec
1 7 1350977338.6468 (0.0000) C>SV3.1(36) Handshake
1 8 1350977338.6653 (0.0184) S>CV3.1(1) ChangeCipherSpec
1 9 1350977338.6653 (0.0000) S>CV3.1(36) Handshake
1 10 1350977338.6666 (0.0013) C>SV3.1(197) application_data
---------------------------------------------------------------
HEAD /apps/something HTTP/1.1
User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.79:20175
Accept: */*

---------------------------------------------------------------
New TCP connection 2: 200.200.200.10(41472) <-> 200.200.200.101(80)
1350977338.6688 (0.0010) C>S
---------------------------------------------------------------
HEAD /apps/something HTTP/1.1
User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.79:20175
Accept: */*

---------------------------------------------------------------
```

not ssl

```
[root@ve10:Active] config ssldump -Aed -nni 0.0 port 20175 or port 80
New TCP connection 1: 172.28.20.11(41470) <-> 172.28.19.79(20175)
1350977232.7057 (0.0007) C>S
---------------------------------------------------------------
HEAD /apps/something HTTP/1.1
User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.79:20175
Accept: */*

---------------------------------------------------------------
New TCP connection 2: 200.200.200.10(41470) <-> 200.200.200.111(80)
1350977232.7078 (0.0010) C>S
---------------------------------------------------------------
HEAD /apps/something HTTP/1.1
User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.79:20175
Accept: */*

---------------------------------------------------------------
```
- Angelo
Nimbostratus
tried it, doesn't work. the problem is that i have four different pools that traffic is supposed to go to on http and https. so if traffic comes in on http -> pool 1
- What_Lies_Bene1
Cirrostratus
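I think this might cover it;

```
rule myrule {
   when CLIENT_ACCEPTED {
      # Treat the connection as plain HTTP until an SSL handshake is seen
      set is_ssl 0
   }
   when CLIENTSSL_HANDSHAKE {
      # Client-side SSL handshake completed, so this connection is HTTPS
      set is_ssl 1
   }
   when HTTP_REQUEST {
      if { [string tolower [HTTP::uri]] starts_with "/apps" } {
         # /apps* requests: one pool for HTTPS, one for HTTP
         if { $is_ssl } {
            pool foo1
         } else {
            pool foo2
         }
      } elseif { $is_ssl } {
         # Everything else over HTTPS
         pool foo3
      } else {
         # Everything else over HTTP
         pool foo4
      }
   }
}
```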
- Angelo
Nimbostratus
thanks it's working last question i swear LOL... how do i change the rule for two URI's /apps and /applicationOracle
- What_Lies_Bene1
Cirrostratus
Selecting the same pools as /apps?
- ssievers_87378
Nimbostratus
> Posted By Angelo on 10/23/2012 04:53 AM
> thanks it's working last question i swear LOL... how do i change the rule for two URI's /apps and /applicationOracle

Hi, in this case I think you can change
if { [string tolower [HTTP::uri]] starts_with "/apps" } {
to
if { [string tolower [HTTP::uri]] starts_with "/app" } {
Regards,
Sören
- Angelo
Nimbostratus
yes sir it should
- Angelo
Nimbostratus
and if i need to insert another URI like /global*
- What_Lies_Bene1
Cirrostratus
There's a few ways to do it, here's the simplest, but if you need to add more, it would be best to use a data group;

```
rule myrule {
   when CLIENT_ACCEPTED {
      # Treat the connection as plain HTTP until an SSL handshake is seen
      set is_ssl 0
   }
   when CLIENTSSL_HANDSHAKE {
      # Client-side SSL handshake completed, so this connection is HTTPS
      set is_ssl 1
   }
   when HTTP_REQUEST {
      # Either prefix selects the application pools
      if { (([string tolower [HTTP::uri]] starts_with "/apps") or ([string tolower [HTTP::uri]] starts_with "/global")) } {
         if { $is_ssl } {
            pool foo1
         } else {
            pool foo2
         }
      } elseif { $is_ssl } {
         pool foo3
      } else {
         pool foo4
      }
   }
}
```
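The data group variant mentioned in the last reply, as an added example that is not code from the thread or from F5. It assumes BIG-IP v10 or later (where the `class` command is available) and a string data group named `app_prefixes`, a hypothetical name, whose entries are the lowercase prefixes `/apps`, `/applicationoracle` and `/global`; the pool names are the ones used above.

```tcl
# Added example: same four-pool routing, with the URI prefixes kept in a
# data group instead of being hard-coded in the rule.
# Assumption: string data group "app_prefixes" (hypothetical name) exists and
# holds lowercase prefixes, because the URI is lowercased before matching.
when CLIENT_ACCEPTED {
    # Treat the connection as plain HTTP until an SSL handshake is seen
    set is_ssl 0
}
when CLIENTSSL_HANDSHAKE {
    # Client-side SSL handshake completed, so this connection is HTTPS
    set is_ssl 1
}
when HTTP_REQUEST {
    # class match returns 1 when the URI starts with any entry in the group
    if { [class match [string tolower [HTTP::uri]] starts_with app_prefixes] } {
        if { $is_ssl } {
            pool foo1
        } else {
            pool foo2
        }
    } elseif { $is_ssl } {
        pool foo3
    } else {
        pool foo4
    }
}
```

Adding or removing a prefix then means editing the data group only; the rule itself stays unchanged.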