Forum Discussion
Chris_Schaerli_
Nimbostratus
NimbostratusRedirect or rewrite?
Hi,
I am trying to setup something to direct traffic based on source IP. We are rolling out an application and we want to do it in phased approach.
This is what I had to start.
when HTTP_REQUEST {
if { [IP::addr [IP::remote_addr] equals 10.32.186.0/255.255.252.0] } {
HTTP::redirect “https://site.com/portal/site/NEW"
} elseif {[IP::addr [IP::remote_addr] equals 10.20.20.0/255.255.252.0] } {
HTTP::redirect http://site.com/portal/site/OLD
} elseif {[IP::addr [IP::remote_addr] equals 10.0.0.0/255.0.0.0] } {
HTTP::redirect "https://site.com/portal/site/OLD"
}
}
I applied this Irule to both VIPS for http://site.com and https://site.com , but I found when I my traffic was looping. I guess I can’t redirect on the same VIP that I want to direct traffic to? Do I have to use a URL instead of a redirect?
when HTTP_REQUEST {
if { [IP::addr [IP::remote_addr] equals 10.32.186.0/255.255.252.0] } {
HTTP:uri "https://site.com/portal/site/NEW"
}elseif {[IP::addr [IP::remote_addr] equals 10.32.186.0/255.255.252.0] } {
HTTP:uri "http://site.com/portal/site/OLD"
} elseif {[IP::addr [IP::remote_addr] equals 10.0.0.0/255.0.0.0] } {
HTTP::uri "https://site.com/portal/site/OLD"
}
}
Thanks,
Chris
13 Replies
Nicolas_MenantEmployee
Hi,
I would advise not to use matches_regex since it will take more CPU. Regular expression is really CPU expensive:when HTTP_REQUEST { if { [string tolower [HTTP::path]] eq "/foo/"} { if {([IP::addr [IP::remote_addr] equals 10.12.126.248/255.255.255.255]) or ([IP::addr [IP::remote_addr] equals 10.12.126.249/255.255.255.255]) or ([IP::addr [IP::remote_addr] equals 10.12.126.250/255.255.255.255]) or ([IP::addr [IP::remote_addr] equals 10.24.69.2/255.255.255.255]) } { pool FOO.com-80 } } elseif {[IP::addr [IP::remote_addr] equals 10.0.0.0/255.0.0.0] } { HTTP::redirect "http://www.NEW.com" } }
In this code [HTTP::path] will return the Path AND the object name. May it be the reason why it doesn't match? Click here
You should try to replace the eq by contains or starts_with w(starts_with will be more efficient)
Can you update your iRule with troubleshooting information and give us the logging (is it in /var/log/ltm)when HTTP_REQUEST { log local0. "---------NEW REQUEST--------------" log local0. "uri is: [HTTP::uri]" log local0. "IP is: [IP::remote_addr]" if { [string tolower [HTTP::uri]] starts_with "/foo/"} { log local0. "Starting uri with /foo/" if {([IP::addr [IP::remote_addr] equals 10.12.126.248/255.255.255.255]) or ([IP::addr [IP::remote_addr] equals 10.12.126.249/255.255.255.255]) or ([IP::addr [IP::remote_addr] equals 10.12.126.250/255.255.255.255]) or ([IP::addr [IP::remote_addr] equals 10.24.69.2/255.255.255.255]) } { log local0. "sending to pool FOO.com-80" pool FOO.com-80 } } elseif {[IP::addr [IP::remote_addr] equals 10.0.0.0/255.0.0.0] } { log local0. "Redirecting user..." HTTP::redirect "http://www.NEW.com" } else { log local0. "No matched occured for this request" } }
I added a last else statement for more logging information. Once it is fixed you should of course remove it
HTH
Chris_Schaerli_I tried testing with the debug statements in. I ran from my test machine(10.24.69.2) and the logs looked good.
Rule HTTP-PROXY-VGN HTTP_REQUEST: ---------NEW REQUEST--------------
Rule HTTP-PROXY-VGN HTTP_REQUEST: uri is: /FOO/webservice/FOO?wsdl
Rule HTTP-PROXY-VGN HTTP_REQUEST: IP is: 10.24.69.2
Rule HTTP-PROXY-VGN HTTP_REQUEST: Starting uri with /FOO/
Rule HTTP-PROXY-VGN HTTP_REQUEST: sending to pool FOO.com-80
When I removed my test IP from the rule I was still getting sent to the pool. One thing I did not understand is that I was still getting sent to the pool, but I never see the debug statement stating I am being sent to the pool.
I ran this test twice.
Rule HTTP-PROXY-FOO HTTP_REQUEST: ---------NEW REQUEST--------------
Rule HTTP-PROXY-FOO HTTP_REQUEST: uri is: /FOO/webservice/FOO?wsdl
Rule HTTP-PROXY-FOO HTTP_REQUEST: IP is: 10.24.69.2
Rule HTTP-PROXY-FOO HTTP_REQUEST: Starting uri with /FOO/
Rule HTTP-PROXY-FOO HTTP_REQUEST: ---------NEW REQUEST--------------
Rule HTTP-PROXY-FOO HTTP_REQUEST: uri is: /FOO/webservice/FOO?wsdl
Rule HTTP-PROXY-FOO HTTP_REQUEST: IP is: 10.24.69.2
Rule HTTP-PROXY-FOO HTTP_REQUEST: Starting uri with /FOO/- Chris_Schaerli_Think I have the problem figured out. It works when I have a second elseif.
when HTTP_REQUEST {
log local0. "---------NEW REQUEST--------------"
log local0. "uri is: [HTTP::uri]"
log local0. "IP is: [IP::remote_addr]"
if { [string tolower [HTTP::path]] starts_with "/FOO" } {
log local0. "Starting uri with /FOO"
if {([IP::addr [IP::remote_addr] equals 10.12.126.248/255.255.255.255]) or
([IP::addr [IP::remote_addr] equals 10.12.126.249/255.255.255.255]) or
([IP::addr [IP::remote_addr] equals 10.12.126.250/255.255.255.255]) or
([IP::addr [IP::remote_addr] equals 10.32.186.0/255.255.252.0]) or
([IP::addr [IP::remote_addr] equals 10.34.186.0/255.255.252.0]) or
([IP::addr [IP::remote_addr] equals 10.24.69.2/255.255.255.255])
} {
log local0. "sending to pool FOO.COM"
pool FOO.COM-80
} elseif {[IP::addr [IP::remote_addr] equals 10.0.0.0/255.0.0.0] } {
log local0. "Redirecting user..."
HTTP::redirect "http://www.NEW.com"
}
} elseif {[IP::addr [IP::remote_addr] equals 10.0.0.0/255.0.0.0] } {
log local0. "Redirecting user..."
HTTP::redirect "http://www.NEW.com"
} else {
log local0. "No matched occured for this request"
}
}
