Forum Discussion
hooleylist
Sep 15, 2008 Cirrostratus
Using one VIP makes for less configuration, but it also leaves you with fewer and more complicated options if you want to manipulate the traffic. That said, this should be pretty simple to do. If you want to add an HTTP-based event to a rule, you need to use an HTTP profile on the VIP. If you have non-HTTP traffic going through the VIP, you'd want to disable the profile for it. It looks like you can determine whether it's an HTTP request or not based on the port the client makes the request to. So something like this should work:
when CLIENT_ACCEPTED {
    log local0. "[IP::client_addr]:[TCP::client_port]: new TCP connection to [IP::local_addr]:[TCP::local_port]"

    # Check the port the client requested
    switch [TCP::local_port] {
        "2500" {
            # Client request is SSH, use SSH node
            log local0. "[IP::client_addr]:[TCP::client_port]: SSH request. Using node and disabling HTTP"
            node 172.16.1.33 22

            # Disable HTTP profile
            HTTP::disable
        }
        "80" {
            # Client request is HTTP, do nothing
            log local0. "[IP::client_addr]:[TCP::client_port]: HTTP request"
        }
        default {
            # Client request is to an undefined port, so drop the packets
            log local0. "[IP::client_addr]:[TCP::client_port]: undefined port. Dropping"
            drop
        }
    }
}
when HTTP_REQUEST {
    # This event will only be triggered if the HTTP profile is enabled
    # and the HTTP headers are parsed
    log local0. "[IP::client_addr]:[TCP::client_port]: new HTTP request to [HTTP::host][HTTP::uri]"
}
Aaron