Hello, I'm new to iRules and trying to come up with a way to send traffic to different pools based on the /content in the url. I have a secure site which the ssl certificate is installed on the LTM and from there it is non-secure to the server. I would like to set it up to where when a user goes to https://www.domain.com/QA they go to one pool. If a user goes to https://www.domain.com/UAT they go to a different pool and if they go to https://www.domain.com/Prod they go to a third pool. The path might actually be longer than these but we should be able to key off of QA, UAT and Prod and send it to the appropriate pool that way. Any help would be greatly appreciated. Thanks Greg

Hi Greg, You can use HTTP classes or an iRule to do this. With HTTP classes, (in the GUI under Profiles : Protocol : HTTP Class) you'd create one class per pool and configure the URI's with string matching in the URI Paths section. Here is a view of the config from the bigip.conf: profile httpclass qa_class { defaults from httpclass pool qa_pool redirect none paths { "/QA*" "/qa*" } } profile httpclass uat_class { defaults from httpclass pool uat_pool redirect none paths { "/UAT*" "/uat*" } } Note that I'm assuming the app isn't case sensitive and you'd want /UAT and /uat to both go to the same pool. You could add a final HTTP class with no filters and specify a pool for all URIs which don't match a prior HTTP class. Here is an example of an iRule to select between pools based on the URI: when HTTP_REQUEST { Check URI set to lower case with wildcard matching switch [string tolower [HTTP::uri]] { "uat*" { uat_pool } "qa*" { qa_pool } default_pool { qeneral_pool } } } Aaron

Thanks for all the information. That worked great but apparently I was misinformed on part of what they are wanting. They actually want the QA, UAT or Prod removed from the string when it is sent on to the pool. So if you went to https://www.domain.com/QA/Signon.jsp they want it sent to the QA pool but they want the QA removed from the string but keep everything after that. Thanks again for all your help. Greg

How about: HTTP::uri [string range [HTTP::uri] [string first "/" [HTTP::uri] 1] end] % set uri "/QA/Signon.jsp" /QA/Signon.jsp % string range $uri [string first "/" $uri 1] end /Signon.jsp

Would there be a way to do this to just remove the QA, UAT or Prod from the url without having the full path defined within the iRule. It would be a little cleaner and easier to manage as there could be additional paths that need to get added later on and would rather not have to keep adding rules as they add additional paths. Also, is there a best practice as far as how to implement the iRules? When doing multiple things (sending trafifc to different pools based on uri and removing part of the url) do you want to use one iRule or do you just keep them separate? Thanks, Greg

What do yo mean defining the path? As far as best practices go, there are trade-offs between readability and manageability. If you aren't doing too much, it makes sense to be lumped into one iRule. If there are a crazy number of lines and functions, it might make more sense to split them out.

Route to different pools based on /content

15 Replies

Chris_Miller
Altostratus
Jan 31, 2011
Just to verify, you're only trying to remove the QA/UAT string between LTM and the Pool Member? The client's will still see QA/UAT in their browser. If you're trying to remove it client-side, you'll need to do a redirect instead. I'll modify the rule assuming you're just trying to remove it between the LTM and pool member until you say otherwise.

Since I'm not solid with string first, let's do this:

when HTTP_REQUEST { Check URI set to lower case with wildcard matching switch [string tolower [HTTP::uri]] { "uat*" { pool uat_pool HTTP::uri [string range [HTTP::uri] 4 end ] } "qa*" { pool qa_pool HTTP::uri [string range [HTTP::uri] 3 end ] } default_pool { pool qeneral_pool } } }
Greg_76561
Nimbostratus
Jan 31, 2011
We were hoping that we could send the traffic to the appropriate environment (QA, UAT, Prod) based on what the end user was entering for a uri (/QA, /UAT or /Prod) such as https://www.domain.com/QA/Signon.jsp but the actual QA web server does not have a /QA so that "/QA" would need to be removed from the uri but everything before or after the "/QA" would be valid and need to keep that in the uri. So what the web server would see coming in would be https://www.domain.com/Signon.jsp. Hopefully that makes more sense. Clear as mud?

Thanks,

Greg

Chris_Miller

Altostratus

Jan 31, 2011

Thanks...that's what I assumed. Does the most recent rule I wrote accomplish this? I had made a small error that I just modified.


when HTTP_REQUEST {
      Check URI set to lower case with wildcard matching
     switch [string tolower [HTTP::uri]] {
          "uat*" {
              pool uat_pool
              HTTP::uri [string range [HTTP::uri] 4 end ]
                      }
           "qa*" { 
              pool qa_pool
              HTTP::uri [string range [HTTP::uri] 3 end ]
                      }
           default { 
              pool qeneral_pool
                        }
      }
 }

hoolio

Cirrostratus

Jan 31, 2011

Chris,

The string first command works nicely with this because you can skip the first forward slash and get the index of the second forward slash (after the /qa or /uat directory) using the "startIndex" parameter. But the string range commands you used have the same effect. But make sure you're checking for URIs starting with a forward slash in your switch statement (/uat and /qa). And you'll need a -glob flag on the switch statement.

Greg,

The HTML content that the server replies with won't have these /qa or /uat prefixes unless the servers have been configured to include them. You could try to insert them in all of the HTML, but it would get complicated trying to parse the HTML. If the initial request from the users contains the prefix, you could set a cookie to track that they're a UAT, QA or general user. You could check for that cookie if the URI doesn't match a UAT or QA URI.

Here's an untested example:

when HTTP_REQUEST {
    Default to not setting a pool cookie
   set pool_cookie ""
    Check URI set to lower case with wildcard matching
   switch -glob [string tolower [HTTP::uri]] {
      "/uat*" {
         pool uat_pool
         HTTP::uri [string range [HTTP::uri] [string first "/" [HTTP::uri] 1] end]
         set pool_cookie uat
      }
      "/qa*" {
         pool qa_pool
         HTTP::uri [string range [HTTP::uri] [string first "/" [HTTP::uri] 1] end]
         set pool_cookie qa
      }
      default_pool {
          Check if user has pool cookie
         switch [HTTP::cookie pool_selector] {
            "qa" {
               pool qa_pool
            }
            "uat" {
               pool uat_pool
            }
            default {
               pool general_pool
            }
         }
      }
   }
}
when HTTP_RESPONSE {
    Set a pool selector cookie if a UAT or QA pool as selected in request
   if {$pool_cookie ne ""}{
      HTTP::cookie insert name pool_selector value $pool_cookie
   }
}

Aaron

Brit_115164
Nimbostratus
Mar 10, 2013
Hi Greg,

We have a similar kind of situation here ie. there is an existing pool on the Loadbalancer supporting a website "www.domain.com". Currently, whenever an user types in the URL tab as www.domain.com, that request is re-directed to that existing pool on our Loadbalancer. The requirement is that whenever an user enters the URL name as www.domain.com, the request should be re-directed to one particular pool( which is yet to be created ) and if the user types specifically www.domain.com/abc or whatever the content maybe after the domain-name, the request should hit the existing pool. To accomplish this, will this below given script help?

switch [string tolower [HTTP::uri]] {

"*" {

existing_pool

}

default_pool {

New_pool

}

}

Thanks..

Forum Discussion

Route to different pools based on /content

15 Replies

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Layer 7 Content Routing in F5 XC

SNI Routing with BIG-IP

Service Extensions with SSL Orchestrator User Coaching of AI Related Content

F5 Distributed Cloud - Customer Edge Site - Deployment & Routing Options

LTM policy to route traffic to different pools

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS