Forum Discussion
CirrusTCL Error possibly causing TCP Resets?
Try this irule.
when HTTP_REQUEST {
if { [HTTP::has_responded] } { return }
# X-Forwarded header clean-up
if { [HTTP::header exists "X-Forwarded-Host"] } {
HTTP::header remove X-Forwarded-Host
}# Block specific user agents (blocklist)
if { [class match -- [string tolower [HTTP::header "User-Agent"]] contains "/Common/user_agent_blocklist"] } {
log local0. "User_agent [HTTP::header "User-Agent"] is blocked. From: [IP::client_addr]"
drop
return
}# Block Claudebot on specific domains
if { [class match [string tolower [HTTP::host]] contains "/Common/user_agent_block_list_claudebot"] &&
[string tolower [HTTP::header "User-Agent"]] contains "claudebot" } {
log local0. "User_agent [HTTP::header "User-Agent"] is blocked from: [IP::client_addr] for domain [HTTP::host]"
drop
return
}# Block specific referer
if { [HTTP::header "Referer"] contains "https://darknet-markets-onion.com" } {
log local0. "Referer [HTTP::header "Referer"] is blocked. From: [IP::client_addr]"
reject
return
}# Block or allow based on IP class and path
if { [string tolower [HTTP::path]] contains "<redacted>" &&
(![class match [IP::client_addr] equals "/Common/<redacted>"]) } {
log local0. "TDINTERNALWEBAPI dropping traffic from [IP::client_addr] to [HTTP::host][HTTP::uri]"
drop
return
}# Condition for certain paths
elseif { [string tolower [HTTP::uri]] starts_with "/<redacted>" || [string tolower [HTTP::uri]] starts_with "/<redacted>" } {if { ![HTTP::header exists "X-Forwarded-Port"] } {
HTTP::header insert X-Forwarded-Port [TCP::local_port clientside]
}# Pool assignment
pool <pool_name># Check feature flag or maintenance mode
if { [class match "enabled" equals <redacted>] } {
if { [string tolower [HTTP::uri]] starts_with "/<redacted>" } {
HTTP::respond 503 content [ifile get <redacted>.json] "Content-Type" "application/json"
return
} else {
HTTP::respond 503 content [ifile get <redacted>.html] "Cache-Control" "no-store, must-revalidate"
return
}
}
elseif { [active_members <pool_name>] == 0 } {
if { [string tolower [HTTP::uri]] starts_with "/<redacted>" } {
HTTP::respond 503 content [ifile get <redacted>.json] "Content-Type" "application/json"
return
} else {
HTTP::respond 503 content [ifile get <redacted>.html] "Cache-Control" "no-store, must-revalidate"
return
}
}
}# Default pool assignment
else {
pool <pool>if { [class match "enabled" equals <redacted>] } {
if { [string tolower [HTTP::uri]] starts_with "/<redacted>" } {
HTTP::respond 503 content [ifile get <redacted>.json] "Content-Type" "application/json"
return
} else {
HTTP::respond 503 content [ifile get <redacted>.html] "Cache-Control" "no-store, must-revalidate"
return
}
}
elseif { [active_members <pool>] == 0 } {
if { [string tolower [HTTP::uri]] starts_with "/<redacted>" } {
HTTP::respond 503 content [ifile get <redacted>.json] "Content-Type" "application/json"
return
} else {
HTTP::respond 503 content [ifile get <redacted>.html] "Cache-Control" "no-store, must-revalidate"
return
}
}
}
}
NacreousHello pcourtois
As I see you are using [LB::server pool] under HTTP_REQUEST
In this case [LB::server pool] returns default pool as no lb selection has been happened yet
So my question is do you have a default pool configured?
CirrusThanks for your response. No default pool is configured.
- Injeyan_Kostas
So then better look for specific pool active members
like VGF5 mentions below.
