Forum Discussion

Derek_Murphy_38's avatar
Derek_Murphy_38
Icon for Nimbostratus rankNimbostratus
Oct 08, 2010

simple proxypass irule question

Hi,

 

Will the proxypass irule be parsed on every single request that comes into a virtual server? Or can I do something like wrapping the whole script with a

 

when HTTP_REQUEST {

 

if [HTTP::uri] starts_with "/discover" {

 

 

}

 

}

 

 

I'm not sure if this is something that would be effective... and maybe unnecessary if the proxypass irule is just ignored unless the strings defined in the datagroup are matched?

 

  • bump. Anyone have any thoughts?

     

     

    I'm noticing that when debug logging is turned on that the proxypass irule seems to being interpreted on every request of a uri. That's going to cause a lot of overhead.

     

     

    However, even worse, the proxypass rule is taking down certain parts of my site. I tried wrapping the entire irule in a when HTTP_Request { { if [HTTP::uri starts_with "/discover" }{ -rest of proxypass rule- } } statement but it didn't seem to like that. I also was going to just insert if statements into each "when" block, but some of them gave me syntax errors.

     

     

    Is there an easy way to make sure that the irule is only processed after every other irule is processed?
  • Hey Derek,

     

     

    Will have to see what I missed on the old thread - unfortunately I got lost in the fray. The iRule will be processed, at least initially, for every request (if OneConnect is one, and every connection if it is not) that arrives at this virtual server. The entire rule shouldn't necessarily need to be processed, however. I wouldn't worry too much about it unless you see it making a significant difference in the CPU of your devices or the performance times. On the devices I did my proxypass testing with, I didn't see any affect on either.

     

     

    The best answer to your question about the order of processing is that iRules are all processed in parallel, but events are processed in serial. This was a strange concept at first, but makes sense when taken from the correct view. If you have two rules on a virtual server and they are something like follows:

     

     

    irule_1

     

    when CLIENT_ACCEPTED{

     

    }

     

    when HTTP_REQUEST {

     

    }

     

    when HTTP_RESPONSE {

     

    }

     

     

    irule_2

     

    when CLIENT_ACCEPTED {

     

    }

     

    when HTTP_RESPONSE {

     

    }

     

     

    The CLIENT_ACCEPTED events will fire for the rules - I believe in the order that they are listed/loaded into memory, then the HTTP_REQUEST for rule_1, and then again the HTTP_RESPONSE for both irule_1 and irule_2. This is a slightly different paradigm than what I, at least, had originally expected which was: irule_1 -> CLIENT_ACCEPTED -> HTTP_REQUEST -> HTTP_RESPONSE -> irule_2 -> CLIENT_ACCEPTED -> HTTP_RESPONSE.

     

     

    You can specify a priority for events, though. I had to do this, in fact, with proxypass to be sure the WAM I was testing saw the original headers and not the proxypass-modified headers. This talks a little more about priorities for events:

     

    http://devcentral.f5.com/wiki/Default.aspx/iRules.priority

     

     

    I'm still rather puzzled by the fact that it seems to be causing such problems. I will check the old thread to see if there are more details on exactly what happens when it is enabled. Otherwise, there isn't much to go on.

     

     

    // Ben