Forum Discussion
CirrusPersistence for selected URIs on a VS
Looking for suggestions on the best way to accomplish this.
We want specific URIs to have cookie persistence enabled while the persistence on the virtual server is None.
I'm pretty sure this could be done with an iRule but wanted to check whether there's a better way since I'm returning to F5 after a five year absence.
These URIs need cookie persistence, any other URI will not use peristence:
/blahblah/app/
/blahblah/api/
Bonus question:
They want those same URIs blocked from public access. What's the easiest way to ACL those while leaving the rest of it open?
James_ThomsonEmployee
https://clouddocs.f5.com/api/irules/persist.html
when HTTP_REQUEST {
# Check the requested URI
switch -glob [HTTP::uri] {
"/path1/*" -
"/path2/*" {
# Request was for an IIS URI so select the pool and set a pool-specific cookie
pool iis_pool
persist cookie insert iis_persist 0
}
}
For your second question,when you say "blocked form public access", what does "private" access mean? Only allowed from certain subnets? how many subnets? Something else?
Dave_NoonanYour code looks a lot like what I came up with after further searching, so that's reassuring.
when HTTP_REQUEST { switch -glob [string tolower [HTTP::path]] { "/blahblah/app/*" - "/blahblah/api/*" { # If client is public IP then send 404 if { not ([class match [IP::client_addr] equals private_net]) } { HTTP::respond 404 content "HTTP ERROR 404 Reason:Not Found" Mime-Type "text/html" event disable TCP::close } else { # If client is private IP set cookie persistence persist cookie insert blahblah_Cookie 0 } } } }The second question is just to block those from non-RFC1918 IP space. I included that in my irule but feel free to tell me if there's a better way.