MR_RJ
May 16, 2011 · Cirrus
Need an iRule to set persistence based on HTTP content
Hi,
We are using RSA-SecurID and their solution for configuring a load-balanced web farm. The short story: the agents on the servers act as one agent, and if you are authenticated to one server, then you are authenticated to all of them.
This works really well together with the F5 LTM... except for one thing. If the password is entered wrong several times, there will be a form of challenge prompted to the user. When the user submits this, the request/response might go to another server than it originated from.
I'm very new to iRules; we haven't had any major challenges, so I've only created a few simple ones.
But anyway... the solution I was thinking of was an iRule that does something like this:
when HTTP_RESPONSE {
    if { [HTTP::uri] contains "/securid/agent.dll" && [HTTP::payload] contains "SecurID Next Tokencode Request" } {
        # set persistence to this server here
    }
}
I've been playing around a bit with the idea and trying to create an iRule for it, but I'm not even sure that this is the right approach. I've seen some similar solutions, but they seem to be a bit too advanced for what I'm trying to do.
Worst case scenario is enabling persistence on all sessions, but then we will have a long drain time etc. Now I can (if needed) just force a node offline and no one will notice... that's worth a lot.
Any ideas of other solutions or how to write the iRule?
Thanks in advance!
Robert
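
One way to write the rule sketched in the post, as an added example that is not part of the original post: the URI is read in HTTP_REQUEST, the response body is buffered with HTTP::collect before HTTP::payload is searched, and only clients that received the challenge page are pinned. Assumptions not in the post: the persistence key is the client IP (clients behind one NAT address share a pin), the pin lasts 300 seconds, at most 1 MB of the body is buffered, and a universal persistence profile is attached to the virtual server.

```tcl
# Added example. Assumed values: client-IP key, 300 s pin, 1 MB collect cap.
when HTTP_REQUEST {
    set key [IP::client_addr]
    # Remember whether this request targets the SecurID agent; used in the response.
    set securid_req [expr { [HTTP::uri] contains "/securid/agent.dll" }]
    # Only clients with an existing pin are persisted; all others are load balanced.
    if { [persist lookup uie $key] ne "" } {
        persist uie $key
    }
}

when HTTP_RESPONSE {
    if { $securid_req } {
        # Buffer a bounded amount of the body so HTTP::payload can be searched.
        set len 1048576
        if { [HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] < $len } {
            set len [HTTP::header "Content-Length"]
        }
        if { $len > 0 } {
            HTTP::collect $len
        }
    }
}

when HTTP_RESPONSE_DATA {
    if { [HTTP::payload] contains "SecurID Next Tokencode Request" } {
        # Pin this client to the pool member that issued the challenge.
        persist add uie $key 300
    }
    HTTP::release
}
```

Because the pin expires on its own and is created only for challenged clients, a node can still be forced offline with only those few sessions affected.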