Forum Discussion

RobS's avatar
RobS
Icon for Altostratus rankAltostratus
Feb 07, 2018

Redirect to pool member based on URI with persistence

We are implementing Kronos 8 with SSL offloading on our LTM. The SSL offload options in Kronos forces all traffic through the LTM so our Kronos admin can no longer hit the application directly on the individual servers. To accomplish this I need to direct traffic directly to the pool member based on URI. I also need to append /wfc/logon to all URIs. I have built an iRule based on examples I have found here, but it doesn't work correctly. It lands on the initial logon page correctly, but after the logon doesn't persist to the pool member.

Process I am trying to accomplish:

Any suggestions are greatly appreciated.

append uri
application delivery
irule
iRules
LTM
persistence
pool member
  • Andy_McGrath's avatar
    Andy_McGrath
    Icon for Cumulonimbus rankCumulonimbus
    Feb 07, 2018

    Careful you do not direct them to the logon page all the time and i would look at using switch instead of if elseif but put an if as a top level trigger, only do this if the URI starts with "/ap" then just strip the "/apx" from the uri.

    Think the following should do the job:

     Allow server selection via uri
when HTTP_REQUEST {
    set uri [string tolower [HTTP::uri]]
    if {$uri eq "/"} {
        HTTP::uri "/wfc/logon"
    } elseif {$uri starts_with "/ap"} {
        switch -glob $uri {
            "/ap1" {
                pool Kronos member 192.168.1.121 80
                HTTP::uri [string map {"/ap1" ""} $uri]
            }
            "/ap2" {
                pool Kronos member 192.168.1.122 80
                HTTP::uri [string map {"/ap2" ""} $uri]
            }
            "/ap3" {
                pool Kronos member 192.168.1.123 80
                HTTP::uri [string map {"/ap3" ""} $uri]
            }
        }
    }
}
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Feb 09, 2018

    Hi,

    you have to create 2 virtual servers:

    • http virtual server to redirect HTTP URLs to HTTPS. assign the default _sys_https_redirect irule.
    • https virtual server to manage

    Apply this irule to the HTTPS virtual server

     HTTPS virtual server irule
when HTTP_REQUEST {
  switch -glob -- [HTTP::path] {
    "/wfc/logon" {
            switch -glob -- [URI::query [HTTP::uri] app] {
              "ap1" {
                pool Kronos member 192.168.1.121 80
                HTTP::uri "/wfc/logon"
              }
              "ap2" {
                pool Kronos member 192.168.1.122 80
                HTTP::uri "/wfc/logon"
              }
             default {pool Kronos }
            }
    }
    "/ap1" {HTTP::respond 307 Location "/wfc/logon?app=ap1" }
    "/ap2" {HTTP::respond 307 Location "/wfc/logon?app=ap2" }
    "/" {HTTP::respond 307 Location "/wfc/logon" }
  }       
}