Forum Discussion
mart_58302
Nimbostratus
NimbostratusServing wpad.dat with F5?
Hello.
Maybe wrong area, but I'm trying to find out, is it possible to use F5 himself as web server, to serve text based file like wpad.dat or cache.pac for clients?
How to do it?
23 Replies
mart_58302
So do you want to only send the HTTP content for requests with specific Host header values and/or URIs? If you have a list of hosts and/or URIs, you can either use a datagroup and matchclass command (Click here) or a switch statement (Click here) to check the request. The example you quoted uses a switch statement to check the URI.
Give one of those options a try and reply if you get stuck.
Hmm, actually same rule, just again, due historical reason, the wpad.internal host have also few CNAME records in our DNS, so all same iRule, but just request will come also with different hostname, like http://cache.internal/wpad.dat, http://wpad.internal/wpad.dat or http://cache.internal/wpad.dat, http://cache.internal/cache.pac.
So do I need matchclass or switch statement at all?
hoolioCirrostratus
With the rule which doesn't check the host or URI (Click here), all requests to the VIP will be answered with the contents:
function FindProxyForURL(url, host) {
if(shExpMatch(host, "*[^0123456789.]*") == false)
if( isInNet\(host, "127.0.0.0", "255.0.0.0")
|| isInNet(host, "172.17.0.0", "255.255.0.0")
|| isInNet(host, "172.18.0.0", "255.255.0.0")
)
return "DIRECT"; \
else
return "PROXY proxygateway.internal:8080; DIRECT";}
Do you want to send the same response content for every request? If so, you can use the linked iRule and you don't need to check the requested host header or URI.
If you do want to send a different response based on either the requested host or URI, then you could use a switch statement or a datagroup with the matchclass command to check the requested host and/or URI.
Can you clarify what you need to implement?
Thanks,
Aaron- mart_58302
With the rule which doesn't check the host or URI (Click here), all requests to the VIP will be answered with the contents:
function FindProxyForURL(url, host) {
if(shExpMatch(host, "*[^0123456789.]*") == false)
if( isInNet\(host, "127.0.0.0", "255.0.0.0")
|| isInNet(host, "172.17.0.0", "255.255.0.0")
|| isInNet(host, "172.18.0.0", "255.255.0.0")
)
return "DIRECT"; \
else
return "PROXY proxygateway.internal:8080; DIRECT";}
Do you want to send the same response content for every request? If so, you can use the linked iRule and you don't need to check the requested host header or URI.
If you do want to send a different response based on either the requested host or URI, then you could use a switch statement or a datagroup with the matchclass command to check the requested host and/or URI.
Can you clarify what you need to implement?
Yes, this is good rule, but I'd like just avoid clients to write in their browsers config anyhing more or less, then just /wpad.dat or /cache.pac in the end, as maybe after some time proxy's will hold the wpad.dat file and then will be troubles, if clients did make some typo in name, as with this iRule it does't matter what there is at all.
So swith without hostcheck? - hoolioHi Mart,
I still am not clear on whether you want to send the response for all requests that get to the virtual server, or only some requests based on whether the client made a request with a specific host header or URI.
Aaron - mart_58302
I still am not clear on whether you want to send the response for all requests that get to the virtual server, or only some requests based on whether the client made a request with a specific host header or URI.
Aaron Thank You been patient.
The case - it should act like normal web server, for example, I have IP address 172.17.1.1 and DNS A records wpad.internal and cache.internal which points to this IP address. This IP address is listen web server:80 and there are one file wpad.dat and symlink cache.pac, which points to wpad.dat.
So accessing http://wpad.internal/wpad.dat or http://cache.internal/wpad.dat or http://wpad.internal/cache.pac or http://cache.internal/wpad.dat gives always the same and identical result, but accessing anything else, like http://wpad.internal or http://cache.internal gives error, and same result also with http://wpad.internal/some or http://cache.internal/test etc. - hoolioGot it. Thanks for explaining once more. Do you want to send any response for requests which do not match your host/uri checking? If so, you can add another HTTP::respond command (I've put in placeholders but commented them out). This example should meet your requirements:
when HTTP_REQUEST { log local0. "[IP::client_addr]:[TCP::client_port]: New request to [HTTP::host], [HTTP::uri]" Check if requested Host header is wpad.internal switch [string tolower [HTTP::host]] { "cache.internal" - "wpad.internal" { log local0. "[IP::client_addr]:[TCP::client_port]: Request matched host check" Host check matched. Now check the requested URI switch -glob [HTTP::uri] { "/wpad.dat*" - "/cache1.pac" { log local0. "[IP::client_addr]:[TCP::client_port]: Request matched URI check" HTTP::respond 200 content { function FindProxyForURL(url, host) { if(shExpMatch(host, "*[^0123456789.]*") == false) if( isInNet\(host, "127.0.0.0", "255.0.0.0") || isInNet(host, "172.17.0.0", "255.255.0.0") || isInNet(host, "172.18.0.0", "255.255.0.0") ) return "DIRECT"; \ else return "PROXY proxygateway.internal:8080; DIRECT";} } } default { Take some default action if the requested host matched, but the URI didn't? HTTP::respond 400 content "Invalid URI" } } } default { Take some default action if the requested host didn't matched? HTTP::respond 400 content "Invalid host" } } }
Aaron - mart_58302
Got it. Thanks for explaining once more. Do you want to send any response for requests which do not match your host/uri checking? If so, you can add another HTTP::respond command (I've put in placeholders but commented them out). This example should meet your requirements:
Super! But I got errors when adding it into my code, so I just tried Your raw code and error is:01070151:3: Rule [wpad_host_and_file_aliases] error: line 5: [wrong args] [switch [string tolower [HTTP::host]]{ ] line 7: [undefined procedure: cache.internal] ["cache.internal" - ] line 8: [undefined procedure: wpad.internal] ["wpad.internal" { log local0. "[IP::client_addr]:[TCP::client_port]: Request matched host check" Host check matched. Now check the requested URI switch -glob [HTTP::uri] { "/wpad.dat*" - "/cache1.pac" { log local0. "[IP::client_addr]:[TCP::client_port]: Request matched URI check" HTTP::respond 200 content { function FindProxyForURL(url, host) { if(shExpMatch(host, "*[^0123456789.]*") == false) if( isInNet\(host, "127.0.0.0", "255.0.0.0") || isInNet(host, "172.17.0.0", "255.255.0.0") || isInNet(host, "172.18.0.0", "255.255.0.0") ) return "DIRECT"; \ else return "PROXY proxygateway.internal:8080; DIRECT";} } } default { Take some default action if the requested host matched, but the URI didn't? HTTP::respond 400 content "Invalid URI" } } } ] line 36: [undefined procedure: default] [default { Take some default action if the requested host didn't matched? HTTP::respond 400 content "Invalid host" } ] line 40: [unmatched closing character] [}] - hoolioThere was a typo in this line:
switch [string tolower [HTTP::host]]{
There needs to be a space between the string tolower command and the opening curly brace:
switch [string tolower [HTTP::host]] {
I updated the post above so it should load. Can you give that a try?
Thanks,
Aaron - mart_58302
There was a typo in this line:
switch [string tolower [HTTP::host]]{
There needs to be a space between the string tolower command and the opening curly brace:
switch [string tolower [HTTP::host]] {
I updated the post above so it should load. Can you give that a try?
Thats better, everything works great! - mart_58302One more question, how to serve another, different cache3.pac on the same VIP and URL. Adding second iRule to this VIP or modifing the same iRule? The cache3.pac is same as cache.pac, except proxy address path (proxygateway2.internal:8080)
