Forum Discussion

Jose_Santiago_O's avatar
Jose_Santiago_O
Icon for Nimbostratus rankNimbostratus
Jan 07, 2009

Pool redirection based on cookie using SSL Termination.

Hi,

Is it possible to verify if a cookie exists using SSL Termination?

I have this rule: 

 
 when HTTP_REQUEST { 
       if { [HTTP::cookie exists "MyCookie"] } { 
 pool mynewpool} 
 else { 
 pool myoldpool} 
 }

But It's not working, may be I am using the wrong event, when I test my page, it keeps loading forever until I disable the rule.

I have a Client SSL profile in my virtual server with no Server SSL profile, the idea is to redirect the users to a new pool of servers only if they have a cookie.

Is there a way I can do that?

Regards,

Jose Santiago Oyervides.
application delivery
dev
devops
iRules
  • Puneet_110030's avatar
    Puneet_110030
    Icon for Nimbostratus rankNimbostratus
    Jan 07, 2009
    Hi All,

     

     

    I am new to I-rules and need help with switching between ssl profiles. Here is a description of my scenario:-

     

     

    1) I have a vurtual server that listens on port 443.

     

    2) This virtual server has 2 webservers as pool members both hosting different pages at different root contexts. What I mean is both pool memebrs host https://mylabs.local.com and https://mylabs.local.com/new/order

     

    3)I have a ssl profile attached to the above mentioned virtual server.

     

     

    My question is:-

     

     

    1) I want to use clinet authentication when the uri contains /new/order, but if the incoming request is https://mylabs.local.com then it should not ask for client authntication.

     

    2) Can I do this using an I-Rule and if yes can you outline it for me

     

    3) Also do I need to have 2 ssl profiles on the LB one that is simple and the other that has client auth certificate as this will be called by the I-Rule.

     

  • dennypayne's avatar
    dennypayne
    Icon for Employee rankEmployee
    Jan 07, 2009
    Hi Jose,

     

     

    Your logic looks good, you might need to use a OneConnect profile on the virtual server that the rule is attached to (since the rule will be evaluated on every http request and you want to ensure the client connects to the same server). You might also need a persist statement if persistence isn't set on the virtual.

     

     

    Puneet, you should probably start a new post for your topic rather than attaching an unrelated question on this one.

     

     

    Denny
  • Jose_Santiago_O's avatar
    Jose_Santiago_O
    Icon for Nimbostratus rankNimbostratus
    Jan 07, 2009
    Hi Denny,

     

    Thanks for your response, I added a oneconnect profile (with mask 255.255.255.255) and source address persistance and my virtual servers still isn't working, until I remove the irule.

     

     

    Any other ideas?

     

     

    Jose Oyervides.
  • dennypayne's avatar
    dennypayne
    Icon for Employee rankEmployee
    Jan 07, 2009
    Hmm...not sure where else to start other than adding some logging to see if you're even getting into the rule: 

       
   when HTTP_REQUEST {    
          if { [HTTP::cookie exists "MyCookie"] } {   
                log local0. "Found cookie"    
    pool mynewpool    
                } else {   
                log local0. "No cookie"    
    pool myoldpool   
      }    
    }

    I moved the brackets around a bit too, I don't think it matters as long as it compiles in the GUI but ??

    Denny
  • Jose_Santiago_O's avatar
    Jose_Santiago_O
    Icon for Nimbostratus rankNimbostratus
    Jan 07, 2009
    Hi Penny,

     

     

    After adding logging to my rule, I realized I was doing something wrong in my rule. I was redirecting to the wrong pool, after fixing that it now works fine.

     

     

    Thanks a lot for your help.

     

     

    Jose Santiago Oyervides.