For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JRahm's avatar
JRahm
Icon for Admin rankAdmin
Mar 22, 2005

SSL, Cookie persistence, and Redirection

I have two sites that use BigIP, with 3DNS doing the global load balancing. We have no global persistence due to the ldns design of our clients, so request are round-robin currently. The application...
application delivery
dev
devops
iRules
JRahm's avatar
JRahm
Icon for Admin rankAdmin
Apr 08, 2005
Putting it all together, I have: 

when HTTP_REQUEST { 
   if { [HTTP::cookie exists "g2_cooks"] { 
     HTTP::cookie decrpt "g2_cooks" "iggus99!" 
     set vipid [lindex [HTTP::cookie g2_cooks] 0] 
     set poolid [lindex [HTTP::cookie g2_cooks] 1] 
     set serverid [lindex [HTTP::cookie g2_cooks] 2] 
     set portid [lindex [HTTP::cookie g2_cooks] 3] 
     if { [catch { use pool $poolid member $serverid $portid }] } { 
       log "$serverid:$portid not local, redirecting to https://$vipid/[HTTP::uri]/" 
       redirect to "https://$vipid/[HTTP::uri]/" 
       reject 
       return 
     } 
     else { 
       use pool $poolid member $serverid $portid 
     } 
   } 
 } 
  
 when HTTP_RESPONSE { 
   HTTP::cookie insert name g2_cooks value [concat [virtual name] [LB::server]] 
   HTTP::cookie encrpt "g2_cooks" "iggus99!" 
   }

A couple of questions:

1) Can I use lindex to pull arguments directly from the cookie, or do I need to set a variable first?

2) In the event I'm redirecting instead of rejecting, do I need the return statement?