For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Ethan_Erchinger's avatar
Ethan_Erchinger
Icon for Nimbostratus rankNimbostratus
Mar 09, 2006

Snat pool choice based on destination URL

Hi,     We have a group of servers that make outbound HTTP requests to a partner. We'd like requests going to a specific uri, call it partner.com/a to come from a specific pool of addresses. R...
application delivery
dev
devops
iRules
James_Thomson's avatar
James_Thomson
Icon for Employee rankEmployee
Mar 09, 2006
I'd probably like a wildcard vip, like you mentioned, then have basically the same rule, minus the definitions having to do with defining a pool directly.


rule snat_selection {
  when HTTP_REQUEST {
    if { [HTTP::uri] starts_with "/a" } {
      use snatpool snat_a
     } elseif { [HTTP::uri] starts_with "/b" } {
        use snatpool snat_b
    } else {  }
  }
}
snatpool snat_a {
  member x.1.1.1
  
  member x.1.1.16
}
snatpool snat_b {
  member x.1.1.17
  
  member x.1.1.32
}
snatpool snat_default {
  member x.1.1.33
  
  member x.1.1.254
}
pool partner_pool {
  member :80
  monitor all tcp  or whatever is appropriate
}
virtual partner_virtual {
  destination 0.0.0.0  assuming this is defined on your ltm
  snatpool default_snatpool  if necessary
  ip protocol tcp
  profile http
  rule snat_selection
}

You might be able to make it more efficient by using classes and the switch command. Kind of like in this post:

http://devcentral.f5.com/Default.aspx?tabid=28&view=topic&forumid=5&postid=5970

Except, in your class, you'd have

class domain_mappings {

"domain.ca snat_a"

"domain.com snat_b"

"domain.biz snat_c"

"joe.com snat_d"

"fred.us snat_e"

}

Then, your rule would use switch to match the uri to a snatpool. I'm not exactly sure what the rule would look like, but its an idea.