Forum Discussion
Vishal_96707
Nimbostratus
Feb 19, 2008
Selective HTTPS redirection
I have the following requirement: the servers in the pool should talk to the virtual server using HTTP only, while all other users should be redirected to HTTPS.
The requirement for servers talking to the VS was fulfilled using the following iRule:

when CLIENT_ACCEPTED {
    # checks to see if client_addr = any in the class
    # fmw_nodes class has servers in the pool
    if { [matchclass [IP::client_addr] equals $::fmw_nodes] } {
        snat 192.168.253.250
    } else {
        pool fwm-uat.bmc.com
    }
}

The HTTP -> HTTPS redirection is configured using the following iRule:

when HTTP_REQUEST {
    HTTP::redirect https://[HTTP::host][HTTP::uri]
}

How does iRule evaluation take place when you have more than one iRule?
I would appreciate any help in this regard. I am new to BIG-IP LTM.
Thanks in advance
23 Replies
- hoolio
Cirrostratus
nmenant is correct. [IP::remote_addr] in clientside events (like CLIENT_ACCEPTED and HTTP_REQUEST) and IP::client_addr in any event should be the source IP address in the packets. I expect that if you apply SNAT to the connection in the rule, the source address is only modified on the serverside connection. I'm pretty sure there isn't any way to affect the IP::remote_addr value in a rule. If you're seeing a different IP than you're making the request from, I think there has to be a device between the client and the VIP which is performing source address translation.
Aaron
- Vishal_96707
Nimbostratus
I made some modifications and somehow it looks like it worked. I am waiting for a few more confirmations from the apps team.

when HTTP_REQUEST {
    log local0. "Client IP is: [IP::client_addr]"
    if { [matchclass [IP::remote_addr] equals $::fmw_nodes] } {
        log local0. "SNAT activated ..."
        snat 192.168.253.250
    } else {
        log local0. "Redirecting ..."
        HTTP::redirect https://[HTTP::host][HTTP::uri]
    }
}

In the logging I have used client_addr, while in the "if" statement I used remote_addr. It somehow captured all the info.
Mar 4 08:08:56 tmm tmm[1089]: Rule fmw-test3 : Client IP is: 172.18.202.195
Mar 4 08:08:56 tmm tmm[1089]: Rule fmw-test3 : Redirecting ...
Mar 4 08:08:56 tmm tmm[1089]: Rule fmw-test3 : Client IP is: 172.18.202.195
Mar 4 08:08:56 tmm tmm[1089]: Rule fmw-test3 : Redirecting ...
Mar 4 08:09:02 tmm tmm[1089]: Rule fmw-test3 : Client IP is: 192.168.253.110
Mar 4 08:09:02 tmm tmm[1089]: Rule fmw-test3 : SNAT activated ...
Mar 4 08:09:03 tmm tmm[1089]: Rule fmw-test3 : Client IP is: 192.168.253.110
Mar 4 08:09:03 tmm tmm[1089]: Rule fmw-test3 : SNAT activated ...
Are client_addr and remote_addr the same? Just trying to understand....
- Nicolas_Menant
Employee
IP::client_addr will always return the IP address of the client.
IP::remote_addr will return the IP address of the client or the IP address of the server depending on the context (if you are serverside or clientside).
You have an explanation here: Click here
In your case, since you use the HTTP_REQUEST event, you are in a clientside context, so IP::remote_addr and IP::client_addr should have the same value.
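Added example (not part of the original posts): a Python check that replays the log format posted earlier in this thread and flags any request whose logged action contradicts class membership, so the plain-HTTP exemption can be audited. The contents of `FMW_NODES`, the last two sample log lines, and the adjacent-line pairing are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: stand-in for the fmw_nodes class; the thread does not list its members.
FMW_NODES = [ipaddress.ip_network("192.168.253.110/32")]

# First four lines are copied from the thread; the last two are constructed
# to show a violation (a non-member that was allowed to stay on HTTP).
SAMPLE_LOG = """\
Mar 4 08:08:56 tmm tmm[1089]: Rule fmw-test3 : Client IP is: 172.18.202.195
Mar 4 08:08:56 tmm tmm[1089]: Rule fmw-test3 : Redirecting ...
Mar 4 08:09:02 tmm tmm[1089]: Rule fmw-test3 : Client IP is: 192.168.253.110
Mar 4 08:09:02 tmm tmm[1089]: Rule fmw-test3 : SNAT activated ...
Mar 4 08:09:10 tmm tmm[1089]: Rule fmw-test3 : Client IP is: 203.0.113.7
Mar 4 08:09:10 tmm tmm[1089]: Rule fmw-test3 : SNAT activated ...
"""

LINE = re.compile(r"Rule (?P<rule>\S+) : (?P<msg>.*)$")
CLIENT = re.compile(r"Client IP is: (?P<ip>\S+)")
ACTIONS = {"SNAT activated": "snat", "Redirecting": "redirect"}

def in_class(ip, networks=FMW_NODES):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)

def audit(log_text, rule="fmw-test3", networks=FMW_NODES):
    """Return (ip, action, problem) for decisions that contradict the class.
    Assumes each 'Client IP is' line is directly followed by its action line."""
    findings, pending = [], None
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m or m.group("rule") != rule:
            continue
        msg = m.group("msg").strip()
        c = CLIENT.match(msg)
        if c:
            if pending is not None:
                findings.append((pending, None, "no action logged"))
            pending = c.group("ip")
            continue
        action = next((a for k, a in ACTIONS.items() if msg.startswith(k)), None)
        if pending is None or action is None:
            continue
        member = in_class(pending, networks)
        if action == "snat" and not member:
            findings.append((pending, action, "plain HTTP allowed for non-member"))
        elif action == "redirect" and member:
            findings.append((pending, action, "class member was redirected"))
        pending = None
    if pending is not None:
        findings.append((pending, None, "no action logged"))
    return findings
```

On a busy virtual server, log lines from concurrent connections can interleave, so a production version would need a per-connection key in the log message.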