Forum Discussion
Eric_Stuhl_2806
Nimbostratus
NimbostratusQuestion about creating iRules
Hello,
I aplogize if this topic has been covered in the past, but I did a cursory search of the forum and couldn't find something to help me find an answer.
In my environment, we have a pair of F5 LTMs(6400s) using auto SNAT to proxy all inbound requests. One of our applications validates authentication with the source ip address of the request.
What I would like to do is to take the client_IP and place it into a cookie that could be read by my application. Is there a quick and dirty way to do this?
I would imagine something like this: (mostly blatantly stolen from codeshare)
when CLIENT_ACCEPTED {
set ckvalue [IP::client_addr]
set ckname CLIENTIP
HTTP::cookie insert name $ckname value $ckvalue
}
4 Replies
Eric_Stuhl_2806It is amazing what reading the manuals can do for you. I'm sorry for some of the silly questions. My programmers changed their requirements and now want me to tranlate IP addresses to customer names.
I'm trying to do this, using matchclass, but I can't seem to get the syntax right.
when CLIENT_ACCEPTED {
set ckname NETWORK_ALIAS
if { [matchclass $::Alias_Subnet contains [IP::client_addr] } {
set ckvalue ATLAS
}
elseif { [matchclass $::Test_Subnet contains [IP::client_addr] } {
set ckvalue TEST
}
else {
set ckvalue UNKNOWN
}
}
when HTTP_REQUEST {
HTTP::header insert $ckname $ckvalue
}- Well, the first thing I'd not is that you're missing an ending bracket on both of your matchclass lines.
Assuming your classes are set up properly to match the IP info, the rule would read:when CLIENT_ACCEPTED { set ckname NETWORK_ALIAS if { [matchclass $::Alias_Subnet contains [IP::client_addr] ] } { set ckvalue ATLAS } elseif { [matchclass $::Test_Subnet contains [IP::client_addr] ] } { set ckvalue TEST } else { set ckvalue UNKNOWN } } when HTTP_REQUEST { HTTP::header insert $ckname $ckvalue }
There's a great post on matching network masks here, as well: Click here
Happy Coding,
Colin - Eric_Stuhl_2806I think that did it for me. Thanks for all the help.
- Eric_Stuhl_2806I'm back.
When I thought things were working correctly I must have been sorely mistaken. For reference, I offer my latest iteration of the irule:
when CLIENT_ACCEPTED {
set ckname NETWORK_ALIAS
if { [matchclass $::Atlas_Subnet equals [IP::client_addr] ] } {
set ckvalue ATLAS
} else {
set ckvalue [IP::client_addr]
}
}
when HTTP_REQUEST {
HTTP::header insert $ckname $ckvalue
log local0. "$ckname $ckvalue"
}
I see the log entries with the correct values, but I never get a response from my JBoss servers. When I remove the rule, everything works fine, so I'm assuming I must have made some sort of mistake.
Am I leaving something out? I've tested various log statements to prove that I'm only going through the conditional statement once and only hitting one branch, so I'm pretty sure that's not at fault.
EDIT:: Disregard, Java developers were playing with JBoss and forgot to let me know.
