Forum Discussion

Yozzer's avatar
Yozzer
Icon for Nimbostratus rankNimbostratus
Jul 08, 2012

Pool not called

Hi

Is there any other configuration i need to perform to get the following irule to trigger correctly:

when HTTP_REQUEST {

if {[HTTP::uri] contains "/test/"} {

log -noname local0. "should go to pool"

pool https_pool

}

}

The log command is executing (so i know the if command is being triggered) and the request is being sent to the https_pool pool but no response comes back from the server. I know the pool member is correct as when i change it i get a compilation error.

I added the following and i can see that the correct pool has been selected and the pool is up and accessible:

when LB_SELECTED {
  log local0. "Selected server: [LB::server]" 
}
when LB_FAILED {
  log local0. "Selected server: [LB::server]" 
}
ASM is being used but the page i want to access has no restrictions.

I want requests to /test/ to go to a different pool which will handle the users login and then set the cookie for the same domain.

Thanks

application delivery
dev
devops
iRules
  • Yozzer's avatar
    Yozzer
    Icon for Nimbostratus rankNimbostratus
    Aug 27, 2012

    So this should work fine:

     

     

    if {[HTTP::uri] contains "/test/"} {

     

    SSL::enable serverside

     

    persist source_addr

     

    pool https_pool

     

    } else {

     

    pool http_pool

     

    }

     

     

     

    Which will use the source_addr settings predefined in Local Traffic ›› Profiles : Persistence. So, as the stickiness timeout is defined for 3 minutes in source_addr then the chosen pool member will be available to the user for 3 minutes. Is that correct?

     

     

    Thanks

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Sep 02, 2012
    Which will use the source_addr settings predefined in Local Traffic ›› Profiles : Persistence. So, as the stickiness timeout is defined for 3 minutes in source_addr then the chosen pool member will be available to the user for 3 minutes. Is that correct?i understand you also have to assign source_addr persistence profile to virtual server to use timeout setting in profile. so, you could use persist none when http_pool is used.

    another way is to specify timeout in persist irule command i.e. no persistence profile is required to assign to virtual server.

    e.g. 

    [root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   destination 172.28.19.79:443
   ip protocol 6
   rules myrule
   profiles {
      clientssl {
         clientside
      }
      http {}
      serverssl {
         serverside
      }
      tcp {}
   }
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST {
   set uri [HTTP::uri]
   SSL::disable serverside
   if {[string tolower $uri] contains "/test/"} {
      SSL::enable serverside
      persist source_addr none 180
      pool https_pool
   } else {
      pool http_pool
   }
}
when SERVER_CONNECTED {
   log local0. "client [IP::client_addr]:[TCP::client_port] | vs [clientside {IP::local_addr}]:[clientside {TCP::local_port}] | server [IP::remote_addr]:[TCP::remote_port] | uri $uri"
}
}
[root@ve10:Active] config  b pool https_pool list
pool https_pool {
   members 200.200.200.102:443 {}
}
[root@ve10:Active] config  b pool http_pool list
pool http_pool {
   members 200.200.200.101:80 {}
}

[root@ve10:Active] config  tail -f /var/log/ltm
Sep  3 00:47:46 local/tmm info tmm[4925]: Rule myrule : client 172.18.204.138:49208 | vs 172.28.19.79:443 | server 200.200.200.101:80 | uri /
Sep  3 00:47:51 local/tmm info tmm[4925]: Rule myrule : client 172.28.19.251:41644 | vs 172.28.19.79:443 | server 200.200.200.102:443 | uri /test/


[root@ve10:Active] config  b persist show all
PERSISTENT CONNECTIONS
|     Mode source addr   Value 172.28.19.251
|        virtual 172.28.19.79:443   node 200.200.200.102:443   age 7sec