Forum Discussion
NacreousNeed help on i-rule
Need an i-rule to modify the payload of http for receiving traffic from client cloud to the internal server. payload should be modified in such a way that, internal server should send notification (return traffic) through another virtual server on same LTM and should be http traffic. traffic from client cloud to F5 is https.
8 Replies
ArieAltostratus
Are you asking for a mechanism that causes the 'internal server' (pool member?) to initiate a notification message somewhere or are you wanting to route the return traffic through a different VIP? Your request is not entirely clear to me.
spalandeHi Arie,
Yes, that's right. Or need an alternative solution with i-rule. Scenario is traffic coming from server which is in internet cloud is having a URL which points to dynamic IP. It sends IDS request (http request) to internal pool member. Need to have a another notification request which should be generated by internal pool member and send to the server in cloud.- spalandeHi Arie,
Yes, that's right. Or need an alternative solution with i-rule. Scenario is traffic coming from server which is in internet cloud is having a URL which points to dynamic IP. It sends IDS request (http request) to internal pool member. Need to have a another notification request which should be generated by internal pool member and send to the server in cloud. - ArieThe Cloud Service may have a dynamic IP-address, but I assume that the IP-address won't change during the conversation. Is that correct?
- spalandeSometime it may. So need to direct return traffic using cloud domain name and not on IP address
- ArieI'm still puzzled by this. From a web application perspective it would be highly improbable that a client would send a response to another IP-address during the same conversation. Browsers generally hang on to IP-addresses for a relatively long time after the initial DNS-request. Even F5's GTMs don't have a way to let existing clients know that an IP-address has changed.
- spalande
when HTTP_REQUEST { set lent [HTTP::header Content-Length] log local0.info "Content-length $lent" HTTP::collect $lent log local0.info "Collected" }
when HTTP_REQUEST_DATA { log local0.info "Request data..."
Get ELB domain from data group already configured set val [class match -value "Cloud_ELB_Domain" contains PAM_Config] set cloudUrl "https://$val" set val1 [class match -value "Notification_Server" contains PAM_Config] set replaceUrl "http://$val1" log local0.info "To replace $cloudUrl with $replaceUrl" if { [HTTP::payload] contains $static::cloudUrl} { log local0.info "Payload matches" set newPLoad [string map [list $static::cloudUrl $replaceUrl] [HTTP::payload]] HTTP::payload replace 0 [string length $newPLoad ] $newPLoad log local0.info "Payload modified" } HTTP::release}
- spalande
currently we are using above i-rule where we collect HTTP data and changes cloud URL to another virtual server IP, where return notification traffic will be sent. Is there any other possible way to do this or optimize the above i-rule. Pls assist!!
