Forum Discussion
rjordan
Nimbostratus
May 04, 2011Stop processing iRule if condition is met?
I have an existing iRule that directs traffic to various pools based on the host name. It was requested that connections from specific source IPs be directed to specific nodes. I added this functionality in the CLIENT_ACCEPTED event in the iRule but the node decision seems to be "overridden" during the HTTP_REQUEST event. Is there a way to stop processing the rule in my IF statement? Or should move the IF statement into the HTTP_REQUEST?
Below is a simplified version of the iRule. Please excuse minor syntax issues, I just wrote it so you can see the basic functionality and flow.
when CLIENT_ACCEPTED {
if { [IP::client_addr] equals 1.2.3.4 } {
node 192.168.10.10 80
}
}
when HTTP_REQUEST {
if { [HTTP::host] contains domain1.com {
pool domain1.com_pool
}
elseif { [HTTP::host] contains domain2.com {
pool domain2.com_pool
}
else {
pool domain.com_pool
}
}
- rjordan
Nimbostratus
I also tried the rule below but it behaves the same way. I need any request from 1.2.3.4 to direct to 192.168.10.10 80, regardless of the hostname. Instead, it is directing the request to one of the pools.when HTTP_REQUEST { if { [IP::remote_addr] equals 1.2.3.4 } { node 192.168.10.10 80 } if { HTTP::host contains "domain1.com" } { pool domain1.com_pool } elseif {HTTP::host contains "domain2.com" } { pool domain2.com_pool } else { pool domain.com_pool } }
- Colin_Walker_12Historic F5 AccountTry this:
when CLIENT_ACCEPTED { set httpfunctions 1 if { [IP::client_addr] equals 1.2.3.4 } { node 192.168.10.10 80 unset httpfunctions } } when HTTP_REQUEST { if { [info exists httpfunctions]} { if { [HTTP::host] contains domain1.com { pool domain1.com_pool } elseif { [HTTP::host] contains domain2.com { pool domain2.com_pool } else { pool domain.com_pool } } }
- rjordan
Nimbostratus
Hey Colin,when HTTP_REQUEST { if { HTTP::host contains "domain1.com" } { pool domain1.com_pool } elseif {HTTP::host contains "domain2.com" } { pool domain2.com_pool } elseif { [IP::remote_addr] equals 1.2.3.4 } { node 192.168.10.10 80 } else { pool domain.com_pool } }
- Matt_Breedlove_
Nimbostratus
This seems like one of these should work. Will need syntax correction most likelywhen HTTP_REQUEST { if { [IP::remote_addr] equals 1.2.3.4 } { node 192.168.10.10 80 return } if { HTTP::host contains "domain1.com" } { pool domain1.com_pool } elseif {HTTP::host contains "domain2.com" } { pool domain2.com_pool } else { pool domain.com_pool } }
when HTTP_REQUEST { if { [IP::remote_addr] equals 1.2.3.4 } { node 192.168.10.10 80 } else { if { HTTP::host contains "domain1.com" } { pool domain1.com_pool } elseif {HTTP::host contains "domain2.com" } { pool domain2.com_pool } else { pool domain.com_pool } } }
when CLIENT_ACCEPTED { if { [IP::client_addr] equals 1.2.3.4 } { node 192.168.10.10 80 return } } when HTTP_REQUEST { if { [HTTP::host] contains domain1.com { pool domain1.com_pool } elseif { [HTTP::host] contains domain2.com { pool domain2.com_pool } else { pool domain.com_pool } }
- rjordan
Nimbostratus
Yeah, I think return should do the trick. I will probably use this in other iRules where I can't simply manipulate the order of the statements. For now, my current iRule is working properly. I would estimate only .01% of the requests actually match the IP, so I don't expect much more load than doing it in CLIENT_ACCEPTED. Thanks Colin and Matt for all the suggestions. - Colin_Walker_12Historic F5 AccountI was just trying to keep the node command up in the CLIENT_ACCEPTED event where you put it originally. If you're okay with moving it to the end of the if/else chain, then that's definitely the simplest solution.
- Colin_Walker_12Historic F5 AccountAs far as the return command, that will probably work but I'd want to test it to be sure it kicks you all the way out of the iRule every time, not just out of the CLIENT_ACCEPTED event.
- hoolio
Cirrostratus
return will only exit the current event in the current rule. If you want to prevent all subsequent iRule events from any iRule on the virtual server from running, you can use 'event disable all'. Or if you want to do it just for select code in this or another rule on the same virtual server, you could set a variable in CLIENT_ACCEPTED and then check the value in subsequent code before running it. - Colin_Walker_12Historic F5 AccountSee, I knew I was leery for a reason, I just couldn't recall (since I rarely use return) and didn't get to testing it yet (whee conference calls!).
Recent Discussions
Related Content
Â
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects