Forum Discussion
swabbies_112156
Nimbostratus
NimbostratusRelational class or tables
We are running v9.4.8.
I am looking to create a relation based class, not sure if this is a function of a table in v10.
the relation is that I want a way to evaluate more than 1 criteria for a class in relation. I know I can create 2 classes and have the irule match both, but the problem I run into is that the group of users may not all match the group of commands to be matched on.
In the example below I want to match testsuser1 on commands 1 and 2, but testuser2 should only match on command2. It is not scalable to create multiple matching classes for every user as the list is dynamic and will be frequently updated via api. At times there could be 2 users or there could be 15 users. Same with commands.
class penatly_box {
"testuser1" "command1"
"testuser1" "command2"
"testuser1" "command2"
}'
Is there a function that exists to handle these relations?
hooleylistCirrostratus
With datagroups and memory tables, the key must be unique. If you want to have multiple values for a key, you could combine them:class penatly_box { "testuser1" "command1|command2|command3" "testuser2" "command2" "testuser3" "command1" }
To parse these values you could use getfield:
http://devcentral.f5.com/wiki/iRules.getfield.ashx
Aaron
swabbies_112156Thanks Aaron.
I will read up on getfield.- swabbies_112156Still need a bit of clarification on this.
b class test_penaltybox '{
"testuser1 command1"
"testuser1 command2"
"testuser2 commnad1"
}'
http://domain-name.com/?uid=testuser1&command=command1 should match
http://domain-name.com/?uid=testuser1&command=command2 should match
http://domain-name.com/?uid=testuser2&command=command1 should match
http://domain-name.com/?uid=testuser2&command=command2 should not match
if {[matchclass [string tolower [HTTP::uri]] contains [getfield $::bentest_penaltybox] ":" 1 ]} {
pool $penaltyboxpool
}
I can't get the syntax correct to work. Also I want to expand it so that URI contains both "1" and "2" or "testuser1" and "command1", but not if it only has one of the two.
Can getfield be applied to a class, or can it only be applied to a URI? - swabbies_112156
duplicate
- swabbies_112156
duplicate
- swabbies_112156sorry duplicate. deleted text
- hooleylistSorry, I was mistaken on the name value format I gave for 9.x. That was added in ~10.0 or 10.1.
If you have a data group defined as this:class test_penaltybox { "testuser1 command1" "testuser1 command2" "testuser2 commnad1" }
To look up a single string (like the UID) in the data group and get the second field you could use findclass:
log local0. [findclass testuser1 test_penaltybox " "]
Note that the data group name is test_penaltybox and should be referenced without the $:: prefix in 9.4.4+.
Or if you want to check if a uid and command combination exist, you could try this:if {[matchclass "[URI::query ?&[HTTP::query] &uid] [URI::query ?&[HTTP::query] &command]" equals test_penaltybox]}{ log local0. "matched" } else { log local0. "no match" }
Note the workaround used for a URI::query bug which was fixed in v11:
http://devcentral.f5.com/wiki/iRules.uri__query.ashx
Aaron - swabbies_112156Thanks very much! Early testing looks great. Now I just have to sort out the logic.
- swabbies_112156Hoolio.
I can't seem to get the "string tolower" to work with this scenario. Can you assist?
if {[matchclass [string tolower "[URI::query ?&[HTTP::query] &uid] [URI::query ?&[HTTP::query] &command]" ] equals test_penaltybox]}{
pool penaltybox-pool
log local0. "matched"
return
} else {
log local0. "no match"
} - hooleylistThat looks right to me and saves on a test box. When you say it's not working, what error or issue do you see and when (saving the rule, during runtime or just not matching)?
Aaron