Forum Discussion
Jeremy_C_Russel
Nimbostratus
NimbostratusPossible issue with an iRule
Greetings all.
I wanted to get some eyes on this particular rule I've setup. The premise is to take urls in the form of http://string.domain.com or http://www.string.domain.com, capture "string" and redirect to a new url, http://www.domain.com/SomeURI?a= where we append the captured string.
I've tested this and it works fine, but for some folks its errors.. in IE, is give them a 404 and in Firefox, it's complaining of a "Connection Reset".
I can't see anything as to why this would be caused.
if { [regexp {www} [HTTP::host]] } {
scan [HTTP::host] {%[^.].%[^.].%s} www host dom
} else {
scan [HTTP::host] {%[^.].%s} host dom
}
if { not [regexp {domain|www|wsecure|ssl} $host] } {
log local0. "Caught a MS host $host, redirecting..."
HTTP::redirect "https://www.domain.com/MS/RedirectMS?site=hub&value=$host"
}
6 Replies
- nitass
Employee
not sure if adding log command is helpful in troubleshooting.
e.g.[root@ve1023:Active] config b rule myrule list rule myrule { when HTTP_REQUEST { set www "" if {[regexp {www} [HTTP::host]]} { scan [HTTP::host] {%[^.].%[^.].%s} www host dom } else { scan [HTTP::host] {%[^.].%s} host dom } log local0. "[IP::client_addr]:[TCP::client_port]|[HTTP::host]|[HTTP::uri]|$www|$host|$dom" if {not [regexp {domain|www|wsecure|ssl} $host]} { log local0. "Caught a MS host $host, redirecting..." HTTP::redirect "https://www.domain.com/MS/RedirectMS?site=hub&value=$host" } } } [root@ve1023:Active] config curl -I http://abc.com/test HTTP/1.0 302 Found Location: https://www.domain.com/MS/RedirectMS?site=hub&value=abc Server: BigIP Connection: Keep-Alive Content-Length: 0 [root@ve1023:Active] config Nov 14 00:40:24 local/tmm info tmm[4766]: Rule myrule : 172.28.65.150:53712|abc.com|/test||abc|com Nov 14 00:40:24 local/tmm info tmm[4766]: Rule myrule : Caught a MS host abc, redirecting... [root@ve1023:Active] config curl -I http://www.abc.com/test HTTP/1.0 302 Found Location: https://www.domain.com/MS/RedirectMS?site=hub&value=abc Server: BigIP Connection: Keep-Alive Content-Length: 0 [root@ve1023:Active] config Nov 14 00:40:31 local/tmm info tmm[4766]: Rule myrule : 172.28.65.150:53713|www.abc.com|/test|www|abc|com Nov 14 00:40:31 local/tmm info tmm[4766]: Rule myrule : Caught a MS host abc, redirecting...
additionally, i think it would be great if we can avoid using regex. you know it is cpu intensive. 
hoolioCirrostratus
If you're seeing connection resets with an iRule, check the /var/log/ltm file for runtime TCL errors.
However, as Nitass said, you should be able to rework this iRule with string pattern matching to avoid the high CPU costs of regexes. I'm not exactly sure what logic you're trying to implement, but here's a stab at it:when HTTP_REQUEST { Remove www. from the host header value if it is present set host [string map {www. ""} [string tolower [HTTP::host]]] log local0. "[IP::client_addr]:[TCP::client_port]: Parsed $host from [HTTP::host]" switch $host { "domain" - "wsecure" - "ssl" { log local0. "[IP::client_addr]:[TCP::client_port]: Matched part of $host, redirecting" HTTP::redirect "https://www.domain.com/MS/RedirectMS?site=hub&value=$host" } } }
http://devcentral.f5.com/wiki/iRules.switch.ashx
http://devcentral.f5.com/wiki/iRules.getfield.ashx
Aaron- nitassAaron,
nice irule. 🙂
by the way, should we also remove top-level domain?
e.g.[root@ve1023:Active] config b rule myrule list rule myrule { when HTTP_REQUEST { Remove www. from the host header value if it is present scan [string map {www. ""} [string tolower [HTTP::host]]] {%[^.]} host log local0. "[IP::client_addr]:[TCP::client_port]: Parsed $host from [HTTP::host]" switch $host { "domain" - "wsecure" - "ssl" { do something } default { log local0. "[IP::client_addr]:[TCP::client_port]: Matched part of $host, redirecting" HTTP::redirect "https://www.domain.com/MS/RedirectMS?site=hub&value=$host" } } } } [root@ve1023:Active] config curl -I http://www.abc.com/test HTTP/1.0 302 Found Location: https://www.domain.com/MS/RedirectMS?site=hub&value=abc Server: BigIP Connection: Keep-Alive Content-Length: 0 [root@ve1023:Active] config Nov 14 07:29:34 local/tmm info tmm[4766]: Rule myrule : 172.28.65.150:46973: Parsed abc from www.abc.com Nov 14 07:29:34 local/tmm info tmm[4766]: Rule myrule : 172.28.65.150:46973: Matched part of abc, redirecting [root@ve1023:Active] config curl -I http://abc.com/test HTTP/1.0 302 Found Location: https://www.domain.com/MS/RedirectMS?site=hub&value=abc Server: BigIP Connection: Keep-Alive Content-Length: 0 [root@ve1023:Active] config Nov 14 07:29:43 local/tmm info tmm[4766]: Rule myrule : 172.28.65.150:46974: Parsed abc from abc.com Nov 14 07:29:43 local/tmm info tmm[4766]: Rule myrule : 172.28.65.150:46974: Matched part of abc, redirecting - hoolioGood catch Nitass. I was going to use getfield to parse it, but forgot about it. scan should be able the same efficiency.
Aaron 
Jeremy_C_RusselThanks for the replies. I do think an error in other parts of the rule was the issue. I have taken your advice though to reduce my use of regexp. Is there a point at which the number of elements in a switch statement starts to be of concern?
Michael_YatesHi Jeremy,
One of the MVP's (smp), did a benchmark test on this and posted his results here:
Switch or Class?
There are varying suggestions on it, but IMO (as you will see on a benchmark 100K connect test) while there is a performance difference, unless you are seriously pinching CPU cycles you should go with which ever is easiest for you to maintain (but be aware of the caveats of each like the ones that Arie noticed in smp's post).
Hope this helps.
