Forum Discussion
Altocumuluspool redirect based on uri
So I have a list of like 9 different URIs that would be paths from one URL. I am wondering the best way to do it with an Irule. it would be
domain.com/
/bla1 insidepool:8101/bla1
/bla2 insidepool:8101/bla2
/bla3 insidepool:8101/bla3
/bla4 insidepool:8102/bla4
/bla5 insidepool:8005/bla5
on and on.
I am wondering if I should do a list of if uri equals and put the exact input in there then do pool. Then have a default pool as the end? My fear is that the list may expand. Also will it automatically carry the URI to the pool? Meaning once it hits the pool it will go to /URI on that node?
Thanks Joe
12 Replies
Brad_ParkerCirrus
If you are worried about you list of URIs expanding you should start with a data group. Put all your URIs in a data group with their value set to the associated pool for that uri. i.e /blah1 would have the value field set to insidepool8101(or whatever you name the pool). The data group can be updated whenever you want to add an additional uri/pool. Then you can use an iRule like this. And yes, the pool selection will not affect the request being sent to the pool.
when HTTP_REQUEST { if { [class match [string tolower [HTTP::path]] starts_with "uriDataGroup" }{ pool [class match -value [string tolower [HTTP::path]] starts_with "uriDataGroup"] } else { pool defaultPool } }
sundogbrewBrad, thanks a bunch.
I have not used data groups before but this sounds like a great solution. Thanks Joe
Stanislas_Piro2Cumulonimbus
Hi,
If your ltm version is 11.4 or above, try local traffic policies instead of I rules...
Create a new policy with properties:
- Policy requires http
- Policy controls forwarding
For each policy rule, define:
- condition : http-uri parh starts_with /blaX
- action : forward pool poolX
Create a default rule without conditon assigning the default pool
- sundogbrew
Stanislas, I never used this before and it seems really cool! I created what I think to be the correct policy and added it to my vip. Unfortunately I get nothing. How can I troubleshoot the problem when I am using policies? Thanks Joe
- sundogbrew
ltm policy test-banner-policy { controls { forwarding } requires { http } rules { Default-pool-543 { actions { 0 { forward select pool banner-beis-trnxe1-pool_543 } } conditions { 0 { http-uri values { * } } } ordinal 4 } GeneralEventManagement { actions { 0 { forward select pool banner-beis-trnxe1-pool_8101 } } conditions { 0 { http-uri path starts-with values { BannerGeneralEventManagement StudentAttendanceTracking StudentApi } } } ordinal 1 } StudentClassSchedule { actions { 0 { forward select pool banner-beis-trnxe1-pool_8102 } } conditions { 0 { http-uri path starts-with values { StudentClassSchedule StudentCourseCatalog } } } ordinal 2 } banneraxtnl01-8103 { actions { 0 { forward select pool banner-beis-trnxe1-pool_8103 } } conditions { 0 { http-uri starts-with values { StudentOverall StudentRegistration } } } ordinal 3 } } strategy first-match }
- sundogbrew
Stanislas, I am closer... But still not quite there.
ltm policy test-banner-policy { controls { forwarding } requires { http } rules { GeneralEventManagement { actions { 0 { forward select pool banner-beis-trnxe1-pool_8101 } } conditions { 0 { http-uri path values { /BannerGeneralEventManagement /StudentAttendanceTracking /StudentApi } } } ordinal 1 } StudentClassSchedule { actions { 0 { forward select pool banner-beis-trnxe1-pool_8102 } } conditions { 0 { http-uri path values { /StudentClassSchedule /StudentCourseCatalog } } } ordinal 2 } banneraxtnl01-8103 { actions { 0 { forward select pool banner-beis-trnxe1-pool_8103 } } conditions { 0 { http-uri values { /StudentOverall /StudentRegistration } } } ordinal 3 } bannertxl01-default-pool_543 { actions { 0 { forward select pool banner-beis-trnxe1-pool_543 } } conditions { 0 { http-uri values { * } } } ordinal 4 } } strategy first-match}
- sundogbrew
Stanislas, I actually changed these to "starts with" rather than equals and it works. I really like this and can see a lot of good places for this! Thanks so much for your help!!!!! Joe
- sundogbrew
Guys, this is working except now they want to add an authentication piece to it and pass it to 443. Will that work? I would prefer not to unencrypted and re-encrypt between the F5 and the server. If I just continue on and add another rule to the bottom of this policy that points to port 443 will that work? Or do I need to do something else?
Thanks in advance! Joe - sundogbrew
OK, so if I do want to unencrypted and re-encrypt how do I do that? I have never done that. Does it add overhead to the traffic flow? Thanks Joe
- sundogbrew
Commenting on my own question... So can you do the un-encrypt -> re-encrypt in the same URL in the same policy as other URIs that don't need it? Can you do that with an Irule? So to summarize for anyone who might be able to lend some help who hasn't been following the whole thread. I have a URL and a list of URIs I want to redirect to different pools based on the URI. I got an Irule example and a policy example. I decided to try the policy example which I got working nicely UNTIL, they decided they wanted to do some encrypted traffic all the way to the server. So adding a rule to the policy that just pushes the traffic to 443 didn't fix the problem. Adding a server cert to the URL fixed the encrypted traffic problem but it broke the original rules that did work. So can you do un-encrypt re-encrypt in the same policy or Irule as one that unencrypts and forwards on. Thanks Joe
