redirect traffic basing on the answer from webserver

Hello Kem,

 

 

I think the cleanest solution would be to configure the BIG-IP to perform the authentication against the auth server and then only forward authenticated requests to the static content pool. I think that would require licensing the client authentication module for the type of auth you are using.

 

 

Else, you might be able to use an iRule to send the initial request to the web server pool and insert an encrypted token in a header or cookie if the web server pool responds with a valid response. You could then send a redirect to the client with that token. On subsequent requests you could then check for the valid token before routing the request to the static pool.

 

 

We created a rule with an encrypted token in the PDF protection example (Click here).

 

 

Writing such a rule seems to be beyond the scope of what most people around here would do for you in their spare time. You might consider contacting F5's consulting group to get a quote for such a rule if it's not something you're comfortable writing yourself yet.

 

 

There might actually be a way of forcing the BIG-IP to make a second server-side request if the request if the BIG-IP gets a valid header in the first response, but I don't know if that would be a very clean solution.

 

 

Lastly, if you know that PerlBal is free and works for this scenario, it might be the simplest solution. Though I'm fairly certain you could do this with the first two methods.

 

 

Aaron