Forum Discussion

Eric_Stuhl_2806
Apr 13, 2006

Question about creating iRules

Hello,

I apologize if this topic has been covered in the past, but I did a cursory search of the forum and couldn't find something to help me find an answer.

In my environment, we have a pair of F5 LTMs (6400s) using auto SNAT to proxy all inbound requests. One of our applications validates authentication with the source IP address of the request.

What I would like to do is to take the client_IP and place it into a cookie that could be read by my application. Is there a quick and dirty way to do this?

I would imagine something like this: (mostly blatantly stolen from codeshare)

when CLIENT_ACCEPTED {
  set ckvalue [IP::client_addr]
  set ckname CLIENTIP
  HTTP::cookie insert name $ckname value $ckvalue
}

  • It is amazing what reading the manuals can do for you. I'm sorry for some of the silly questions. My programmers changed their requirements and now want me to translate IP addresses to customer names.

    I'm trying to do this, using matchclass, but I can't seem to get the syntax right.

    when CLIENT_ACCEPTED {
      set ckname NETWORK_ALIAS
      if { [matchclass $::Alias_Subnet contains [IP::client_addr] } {
        set ckvalue ATLAS
      }
      elseif { [matchclass $::Test_Subnet contains [IP::client_addr] } {
        set ckvalue TEST
      }
      else {
        set ckvalue UNKNOWN
      }
    }
    when HTTP_REQUEST {
      HTTP::header insert $ckname $ckvalue
    }
  • Colin_Walker_12
    Historic F5 Account
    Well, the first thing I'd note is that you're missing an ending bracket on both of your matchclass lines.

    Assuming your classes are set up properly to match the IP info, the rule would read:

    
    when CLIENT_ACCEPTED {
      set ckname NETWORK_ALIAS
      if { [matchclass $::Alias_Subnet contains [IP::client_addr] ] } {
        set ckvalue ATLAS
      } elseif { [matchclass $::Test_Subnet contains [IP::client_addr] ] } {
        set ckvalue TEST
      } else {
        set ckvalue UNKNOWN
      }
    }
    when HTTP_REQUEST {
      HTTP::header insert $ckname $ckvalue
    }

    There's a great post on matching network masks here, as well: Click here

    Happy Coding,

    Colin
  • I'm back.

    When I thought things were working correctly I must have been sorely mistaken. For reference, I offer my latest iteration of the irule:

    when CLIENT_ACCEPTED {
      set ckname NETWORK_ALIAS
      if { [matchclass $::Atlas_Subnet equals [IP::client_addr] ] } {
        set ckvalue ATLAS
      } else {
        set ckvalue [IP::client_addr]
      }
    }

    when HTTP_REQUEST {
      HTTP::header insert $ckname $ckvalue
      log local0. "$ckname $ckvalue"
    }

    I see the log entries with the correct values, but I never get a response from my JBoss servers. When I remove the rule, everything works fine, so I'm assuming I must have made some sort of mistake.

    Am I leaving something out? I've tested various log statements to prove that I'm only going through the conditional statement once and only hitting one branch, so I'm pretty sure that's not at fault.

    EDIT:: Disregard, Java developers were playing with JBoss and forgot to let me know.
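
Added example, not part of the thread and not any poster's code: the application in this thread ties authentication to the client address, and `HTTP::header insert` adds a header without removing one of the same name that the client already sent. This variant of the last rule strips any inbound copy before inserting the value computed on the BIG-IP. The class and header names are the ones used in the posts; the log wording is an assumption.

```tcl
# Added example. Atlas_Subnet is the address class named in the last post;
# NETWORK_ALIAS is the header the posts insert for the back-end servers.
when CLIENT_ACCEPTED {
  # Fires once per TCP connection. The variables set here stay available
  # to every HTTP_REQUEST event on the same connection.
  set ckname NETWORK_ALIAS
  if { [matchclass $::Atlas_Subnet equals [IP::client_addr]] } {
    set ckvalue ATLAS
  } else {
    set ckvalue [IP::client_addr]
  }
}

when HTTP_REQUEST {
  # A client can send its own NETWORK_ALIAS header. Without this step the
  # back end would receive both the client's copy and the one added below.
  if { [HTTP::header exists $ckname] } {
    # Record the event without echoing the client-controlled value.
    log local0. "client [IP::client_addr] supplied its own $ckname header; removed"
    # Removes every header with this name from the request.
    HTTP::header remove $ckname
  }
  # Only the value derived from the real client address reaches the pool.
  HTTP::header insert $ckname $ckvalue
}
```

The back-end servers should accept this header only on connections that arrive from the BIG-IP, since a request that bypasses the virtual server never passes through the rule.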