Forum Discussion
Kevin_Leicht_51
Nimbostratus
NimbostratusProblem with iRule upgrading to 11.4.
I'm trying to upgrade to 11.4 but am at a bit of a loss to know how to replace the HTTP_CLASS_SELECTED functionality we currently have in one of our iRules. The iRule aborts a session when it encounters a user-agent listed in the 'UserAgentBlacklist' data group, but it then checks to see if there's an ASM class assigned, and if so, it disables ASM. Without the last part, we were getting error messages written to the log. Any idea on how to rewrite this iRule in 11.4?
Code when HTTP_REQUEST {
set abort_trans 0
if { [class match -- [string tolower [HTTP::header "User-Agent"]] contains AVUserAgentBlacklist ] } {
set abort_trans 1}}
when HTTP_CLASS_SELECTED {
if {[HTTP::class asm]==1}{
if {$abort_trans==1}{
ASM::disable
drop }}
else
{if {$abort_trans==1}
{drop }}}
natheCirrocumulus
Hopefully this old post should get you going forward with this.https://devcentral.f5.com/questions/http_class_selected-unavailable-in-1140-any-alternatives N
Which 11.4 the HTTP Class iRule event is gone the following solution should get you what you need.
http://support.f5.com/kb/en-us/solutions/public/14000/300/sol14381.html?sr=31800986
What_Lies_Bene1Cirrostratus
Hmmm. Seems you can move the commands to the HTTP_REQUEST event and then use POLICY::targets command instead of HTTP::class no?
Kevin_Leicht_51I saw that post, but have to figure out what to do with POLICY::. Was trying to find an iRules reference manual, but realize now it's only on devcentral, so will work through the syntax. Thanks.
- What_Lies_Bene1There is a book available (I wrote it ;-) but unfortunately it's LTM focussed and I haven't yet updated it for v11.3/4 and some other module related changes/additions.
- Kevin_Leicht_51
Actually, I think I'm in a bit of a catch-22 situation, if I read the documentation correctly. It appears that POLICIES are introduced in 11.4, but I need to figure out how to convert my iRule that uses HTTP_CLASS_SELECTED to use a POLICY instead. BUT.... I can't do that until AFTER I upgrade, AND I can't upgrade until AFTER I change the iRule.
Am I losing my grasp on reality, or is Monty Python in the house?
- What_Lies_Bene1
It's not quite that bad. I'd suggest you simply remove the iRules, do the upgrade and then re-create them but with the new commands etc.
- Kai_Wilke
MVP
With V11.4 you can call the ASM::disable command directly from your HTTP_REQUEST event. So you don't need to set variables anymore to instruct the HTTP_CLASS_SELECTED event.
when HTTP_REQUEST { switch -exact -- [class match -- [string tolower [HTTP::header "User-Agent"]] contains AVUserAgentBlacklist ] 1 { ASM::disable drop } }Cheers, -Kai
