Forum Discussion
ProxyPass V10 iRule issues...
I'm trying to set-up the ProxyPass v10 iRule from here (http://devcentral.f5.com/wiki/iRules.ProxyPassV10.ashx), and I'm hitting a few issues with Firefox...
It's probably worth noting that I've made a couple of tweaks to the rule to fit with how we intend to use it...
Top section of the rule looks like this now:
when RULE_INIT {
Enable to debug ProxyPass translations via log messages in /var/log/ltm
(2 = verbose, 1 = essential, 0 = none)
set static::ProxyPassDebug 02
Enable to rewrite page content (try a setting of 1 first)
(2 = attempt to rewrite host/path and just /path, 1 = attempt to rewrite host/path)
set static::RewriteResponsePayload 0
}
when CLIENT_ACCEPTED {
Get the default pool name. This is used later to explicitly select
the default pool for requests which don't have a pool specified in
the class.
set default_pool [LB::server pool]
if { $static::ProxyPassDebug > 1 } {
log local0. "[virtual name]: [IP::client_addr]:[TCP::client_port] -> [IP::local_addr]:[TCP::local_port]"[IP::local_addr]:[TCP::local_port] DefaultPool: $default_pool"
}
}
when HTTP_REQUEST {
"bypass" tracks whether or not we made any changes inbound so we
can skip changes on the outbound traffic for greater efficiency.
set bypass 1
The name of the Data Group (aka class) we are going to use
set vname [getfield [virtual name] / 4]
set cname [substr $vname 0 .]
set clname "ProxyPass[virtual name]""ProxyPass_$cname"
Initialize other local variables used in this rule
set orig_uri "[HTTP::uri]"
set orig_host "[HTTP::host]"
set log_prefix "VS=[virtual name], Host=$orig_host, URI=$orig_uri"
set clientside ""
set serverside ""
set newpool ""
set ppass ""
if {! [class exists $clname]} {
log local0. "$log_prefix: Data Group $clname not found."
pool $default_pool
return
} else {
log local0. "$log_prefix: Data Group $clname found."
set ppass [class match -element "$orig_host$orig_uri" starts_with $clname]
if {$ppass eq ""} {
Did not find with hostname, look for just path
set ppass [class match -element "$orig_uri" starts_with $clname]
}
if {$ppass eq ""} {
No entries found
if { $static::ProxyPassDebug > 0 } {
log local0. "$log_prefix: No rule found"
}
Get default redirect value.
set rurl [class match -value $cname equals Root_Redirect]
if { $static::ProxyPassDebug > 0 } {
log local0. "$log_prefix: redirect found. Redirecting to $rurl"
}
HTTP::redirect "https://[HTTP::host]$rurl"
pool $default_pool
return
}
}
Basically, I've changed the name format of the datagroup that it's looking for, and added a 'Default redirect' which is used to catch either the root directory or an invalid application URL.
This code works fine in IE, however I'm consistently getting the following error in FF:Corrupted Content Error
The page you are trying to view cannot be shown because an error in the data transmission was detected.
Any ideas where this issue could come from?
- GavinW_29074NimbostratusOpher
Edit: I've just realised that I havent posted my version of the rule to this topic... But i've made a lot of same mods that you've made...
A copy of my edit on the rule is attached...
- Opher_Shachar_6Nimbostratus
Hi Gavin,
My mods are based on the iRule available here: http://devcentral.f5.com/wiki/defau...ssV10.html
Cheers.
- GavinW_29074NimbostratusOpher,
- Opher_Shachar_6Nimbostratus
Hi Gavin,
> What is the purpose or intent of the additional if on line 266 ?
Cheers,
- GavinW_29074NimbostratusPosted By Opher Shachar on 02/03/2012 03:10 PM
Hi Gavin,
> What is the purpose or intent of the additional if on line 266 ?
Cheers,
Line 266 was discussed a bit more here (http://devcentral.f5.com/Community/...fault.aspx). Basically, I spotted that the Stream profiles were being enabled even when the Client and Server side paths were identical...
I think the change on 136 was purely to make it match the log entry at 140... However agree that it may make more sense to have this logging at an error level.
Agreed, currently we're only using the /Common/ partition... However can see why it makes sense to make the rule as future proof as possible...
Thanks for comments on connection protocol...
I guess it's also worth pointing out the 'Default' redirect functionality I've added on lines 151-153. This works off of a separate DataGroup which provides a 'if you dont match something, try this.'
Will work your changes into my rule and see what it comes out like :)
Cheers
Gavin
- Opher_Shachar_6NimbostratusAbout those 'maintenance_window' and 'default redirect' ...
- GavinW_29074NimbostratusPosted By Opher Shachar on 02/06/2012 01:05 AM
- GavinW_29074NimbostratusAll
- GavinW_29074NimbostratusLooks like there's a typo in the rule.
has got an additional closing bracket which isn't needed...[virtual name]]
- GavinW_29074NimbostratusLooks like there's a typo in the rule.
has got an additional closing bracket which isn't needed...[virtual name]]
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com