GavinW_29074
Jan 25, 2012

ProxyPass v10 - Should it be Bypassing this request???

Hi there,

I'm making use of the F5 provided ProxyPass v10 iRule (https://community.f5.com/t5/codeshare/proxypass-v10-v11/ta-p/273662), and am seeing some strange behaviour when using the Rewrite Response functionality that's included...

We've got an application deployed with the following DataGroup:

list /ltm data-group internal ProxyPass_cms

 

ltm data-group internal ProxyPass_cms {
   records {
      /CMSBackOffice {
         data /CMSBackOffice
      }
      /CMSResources {
         data /CMSResources
      }
   }
   type string
}

 

I'd expect this to Bypass the HTTP_REQUEST_SEND/HTTP_RESPONSE blocks...

However I'm seeing the following logged:

 

Jan 25 17:08:40 tmm info tmm[9144]: Rule /Common/ProxyPass : /Common/cms3.test.app/cms.cms3.test.card.co.uk_http: 192.168.100.208:64248 -> 192.168.151.5:80 DefaultPool: /Common/cms3.test.app/cms3.test_pool
Jan 25 17:08:40 tmm info tmm[9144]: Rule /Common/ProxyPass : /Common/cms3.test.app/cms.cms3.test.card.co.uk_http: 192.168.100.208:64251 -> 192.168.151.5:80 DefaultPool: /Common/cms3.test.app/cms3.test_pool
Jan 25 17:08:40 tmm info tmm[9144]: Rule /Common/ProxyPass : /Common/cms3.test.app/cms.cms3.test.card.co.uk_http: 192.168.100.208:64254 -> 192.168.151.5:80 DefaultPool: /Common/cms3.test.app/cms3.test_pool
Jan 25 17:08:40 tmm info tmm[9144]: Rule /Common/ProxyPass : Not In Maintenance mode. Continuing...
Jan 25 17:08:40 tmm info tmm[9144]: Rule /Common/ProxyPass : Virtual Name = /Common/cms3.test.app/cms.cms3.test.card.co.uk_http, $vname = cms.cms3.test.card.co.uk, $cname = cms, $clname = ProxyPass_cms
Jan 25 17:08:40 tmm info tmm[9144]: Rule /Common/ProxyPass : VS=/Common/cms3.test.app/cms.cms3.test.card.co.uk_http, Host=192.168.151.5, URI=/CMSBackOffice/: HTTP connection
Jan 25 17:08:40 tmm info tmm[9144]: Rule /Common/ProxyPass : VS=/Common/cms3.test.app/cms.cms3.test.card.co.uk_http, Host=192.168.151.5, URI=/CMSBackOffice/: Data Group ProxyPass_cms found.
Jan 25 17:08:40 tmm info tmm[9144]: Rule /Common/ProxyPass : VS=/Common/cms3.test.app/cms.cms3.test.card.co.uk_http, Host=192.168.151.5, URI=/CMSBackOffice/: $ppass = /CMSBackOffice /CMSBackOffice
Jan 25 17:08:40 tmm info tmm[9144]: Rule /Common/ProxyPass : Clientside: Path starts / Host Clientside=192.168.151.5, Path Clientside=/CMSBackOffice.
Jan 25 17:08:40 tmm info tmm[9144]: Rule /Common/ProxyPass : Serverside: Host Serverside=192.168.151.5, Path Serverside=/CMSBackOffice.
Jan 25 17:08:40 tmm info tmm[9144]: Rule /Common/ProxyPass : VS=/Common/cms3.test.app/cms.cms3.test.card.co.uk_http, Host=192.168.151.5, URI=/CMSBackOffice/: Found Rule, Original Path=/CMSBackOffice/, Client Host=192.168.151.5, Client Path=/CMSBackOffice, Server Host=192.168.151.5, Server Path=/CMSBackOffice
Jan 25 17:08:40 tmm info tmm[9144]: Rule /Common/ProxyPass : VS=/Common/cms3.test.app/cms.cms3.test.card.co.uk_http, Host=192.168.151.5, URI=/CMSBackOffice/: Using default pool /Common/cms3.test.app/cms3.test_pool
Jan 25 17:08:40 tmm info tmm[9144]: Rule /Common/ProxyPass : VS=/Common/cms3.test.app/cms.cms3.test.card.co.uk_http, Host=192.168.151.5, URI=/CMSBackOffice/: $bypass value = 0
Jan 25 17:08:40 tmm info tmm[9144]: Rule /Common/ProxyPass : VS=/Common/cms3.test.app/cms.cms3.test.card.co.uk_http, Host=192.168.151.5, URI=/CMSBackOffice/: Continuing with rest of HTTP_REQUEST block.
Jan 25 17:08:40 tmm info tmm[9144]: Rule /Common/ProxyPass : VS=/Common/cms3.test.app/cms.cms3.test.card.co.uk_http, Host=192.168.151.5, URI=/CMSBackOffice/: New Host=192.168.151.5, New Path=/CMSBackOffice/
Jan 25 17:08:40 tmm info tmm[9144]: Rule /Common/ProxyPass : VS=/Common/cms3.test.app/cms.cms3.test.card.co.uk_http, Host=192.168.151.5, URI=/CMSBackOffice/: $stream_expression_cmd: STREAM::expression "@192.168.151.5/CMSBackOffice@192.168.151.5/CMSBackOffice@ @/CMSBackOffice@/CMSBackOffice@", $stream_enable_cmd: STREAM::enable
Jan 25 17:08:40 tmm info tmm[9144]: Rule /Common/ProxyPass : VS=/Common/cms3.test.app/cms.cms3.test.card.co.uk_http, Host=192.168.151.5, URI=/CMSBackOffice/: Successfully configured and enabled stream filter
Jan 25 17:08:40 tmm info tmm[9144]: Rule /Common/ProxyPass : VS=/Common/cms3.test.app/cms.cms3.test.card.co.uk_http, Host=192.168.151.5, URI=/CMSBackOffice/: Changing response header Location: http://192.168.151.5/CMSBackOffice/home with http://192.168.151.5/CMSBackOffice/home

 

This shows that it's enabling the Stream profiles for this connection...

Looking at this code block in the code, I'd expect this to leave the Bypass value alone, as the $host_clientside is the same as the $orig_host and $orig_uri starts with $path_clientside... Or am I misunderstanding this logic?

 

if {$host_clientside eq $orig_host} {
  if {$orig_uri starts_with $path_clientside} {
    set bypass 0
    # Take care of pool selection
    if {$newpool eq ""} {
      pool $default_pool
      if { $static::ProxyPassDebug > 0 } { log local0. "$log_prefix: Using default pool $default_pool" }
      set newpool $default_pool
    } else {
      pool $newpool
      if { $static::ProxyPassDebug > 0 } { log local0. "$log_prefix: Using parsed pool $newpool (make sure you have OneConnect enabled)" }
    }
  }
}

 

Either way, I don't think the Stream profile should be applied to this connection as there are no changes being made to the connection...

I've used the same rule on another VIP where I am changing the server-side path, and this behaves as I'd expect, enabling the stream profile and re-writing the response content...

Any comments welcome...

Cheers

Gavin

  • It's probably worth adding that this doesn't appear to have any negative impact on the Application behaviour... I'm just concerned that it's possibly giving the F5 more work to do than it has to...

     

     

    Cheers

     

    Gav
  • Hi Gavin,

     

     

    The assumption is that you'd be rewriting the host and/or URI using ProxyPass. I think you mentioned it before, but I'm having a hard time remembering. Why are you using ProxyPass if you're not rewriting the host or URI?

     

     

    Aaron
  • Aaron

     

     

    I'm trying to use a standard set of rules across all iApp deployments... In this case, the ProxyPass rule isn't rewriting anything, but on a couple of other URLs it does. Also, ProxyPass is being used to control where a user can go on the site, so they can't hit a page that is outside of the application for example...

     

     

    Will run some more tests today...

     

     

    Cheers

     

    Gav
  • Ok, I think I might have found a work-around to handle this scenario...

     

     

    I've changed the code block between lines 211 to 228 as follows:

     

    if {$host_clientside eq $orig_host} {
      if {$orig_uri starts_with $path_clientside} {
        if {not ($path_clientside eq $path_serverside)} {
          set bypass 0
          # Take care of pool selection
          if {$newpool eq ""} {
            pool $default_pool
            if { $static::ProxyPassDebug > 0 } { log local0. "$log_prefix: Using default pool $default_pool" }
            set newpool $default_pool
          } else {
            pool $newpool
            if { $static::ProxyPassDebug > 0 } { log local0. "$log_prefix: Using parsed pool $newpool (make sure you have OneConnect enabled)" }
          }
        }
      }
    }

     

     

    This appears to work in some very quick testing... Will have to do a bit more to confirm though...

     

     

    Can anybody see any issues with doing this???

     

     

    Cheers

     

    Gav
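
A check related to the question in this thread, as an added example that is not part of the thread or of the ProxyPass iRule: this Python script scans ProxyPass debug log lines for stream expressions in which every find string equals its replace string, meaning the stream filter was enabled with nothing to rewrite. The sample lines are constructed in the format of the debug output in the original post, and the function names are hypothetical.

```python
import re

# Matches the ProxyPass debug line that records the stream expression.
EXPR_RE = re.compile(r'\$stream_expression_cmd: STREAM::expression "([^"]*)"')
# One find/replace pair in the @find@replace@ form seen in the debug log.
PAIR_RE = re.compile(r'@([^@]*)@([^@]*)@')
# The request URI as written in the rule's log prefix.
URI_RE = re.compile(r'URI=(\S+): ')

# Constructed sample lines (documentation addresses), not real log output.
SAMPLE_LOG = [
    'Rule /Common/ProxyPass : VS=/Common/vs_a, Host=192.0.2.10, URI=/CMSBackOffice/: '
    '$stream_expression_cmd: STREAM::expression '
    '"@192.0.2.10/CMSBackOffice@192.0.2.10/CMSBackOffice@ @/CMSBackOffice@/CMSBackOffice@", '
    '$stream_enable_cmd: STREAM::enable',
    'Rule /Common/ProxyPass : VS=/Common/vs_b, Host=www.example.com, URI=/app/index: '
    '$stream_expression_cmd: STREAM::expression '
    '"@192.0.2.20/internal@www.example.com/app@ @/internal@/app@", '
    '$stream_enable_cmd: STREAM::enable',
    'Rule /Common/ProxyPass : VS=/Common/vs_a, Host=192.0.2.10, URI=/CMSBackOffice/: '
    '$bypass value = 0',
]

def parse_pairs(expression):
    """Return [(find, replace), ...] from a STREAM::expression string."""
    return PAIR_RE.findall(expression)

def noop_stream_requests(log_lines):
    """Return the URIs whose stream expression contains only identity rewrites."""
    flagged = []
    for line in log_lines:
        match = EXPR_RE.search(line)
        if not match:
            continue  # not a stream-expression debug line
        pairs = parse_pairs(match.group(1))
        if pairs and all(find == repl for find, repl in pairs):
            uri = URI_RE.search(line)
            flagged.append(uri.group(1) if uri else "(unknown URI)")
    return flagged

if __name__ == "__main__":
    for uri in noop_stream_requests(SAMPLE_LOG):
        print(f"stream filter enabled with no-op rewrite for {uri}")
```
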