For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

szia_80879's avatar
szia_80879
Icon for Nimbostratus rankNimbostratus
Sep 23, 2008

Redirect request using multiple conditions

Hello everyone,

 

I am having trouble making an iRule works. I could not figure out what is causing this issue. Let me explain what I want to accomplish with the iRule.

 

I have two URIs: “/” is for external users and “/xyz” for internal users. I want to use two conditions to separate the external request from internal request.

 

First condition: Users are allow to use either [HTTP::host/] or [HTTP::host]/xyz

 

Second condition: User will be redirected to external or internal site based on their source addresses.

 

I wrote a test iRule. It works only for the external URI. It does not work for internal URI and creates a loop. My Big-IP log file is getting hammered with these loop entries when I tested. Please help me to find what is in the iRule is causing this loop. Any help will be appreciated. Thank you in advance.

 

 

when HTTP_REQUEST {

 

if { [HTTP::uri] equals "/" or ([HTTP::uri] ends_with "/xyz")} {

 

if { [matchclass [IP::client_addr] equals $::restricted_client_datagroup]} {

 

HTTP::redirect http://[HTTP::host]/xyz

 

}

 

pool Corporate_8080_Pool

 

} else {

 

if { not [matchclass [IP::client_addr] equals $::restricted_client_datagroup]} {

 

HTTP::redirect http://[HTTP::host]/

 

}

 

pool Corporate_8080_Pool

 

}

 

log the client IP address -> destination IP address

 

log local0. "request accepted from client: \

 

[IP::client_addr] -> [IP::local_addr] -> [HTTP::uri]"

 

}
application delivery
dev
devops
iRules

3 Replies

  • The_Bhattman's avatar
    The_Bhattman
    Icon for Nimbostratus rankNimbostratus
    Sep 23, 2008
    I think I see what's happening in your code.

     

     

    Try the following:

     

     

     
 when HTTP_REQUEST { 
 if { ([HTTP::uri ends_with "/") or ([HTTP::uri] ends_with "/xyx")} { 
 if {[matchclass [IP::client_addr] == $::restricted_cleint_datagroup]} { 
 HTTP::redirect http://[HTTP::host]/xyz 
 pool Corporate_8080_Pool 
 } else {  
 HTTP::redirect http://[HTTP::host]/ 
 pool Corporate_8080_Pool 
 } 
 } 
 log local0. "request accepted from client: [IP::client_addr] -> [IP::local_addr] -> [HTTP::uri]"  
 }

     

     

    Hope this helps

     

    CB

     

  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Sep 24, 2008
    Do you want to rewrite the URI inline and send the request to the pool? If so, change HTTP::redirect to HTTP::uri in CB's example.

     

     

    I think the original issue was that you were redirecting clients show requested /xyz and were part of the restricted_client_datagroup class endlessly.

     

     

    Aaron
  • szia_80879's avatar
    szia_80879
    Icon for Nimbostratus rankNimbostratus
    Sep 25, 2008
    Thank you both CB and Aaron. Your input helped me to fix the problem. Thank you again.