Forum Discussion
milo
Nimbostratus
NimbostratusThis iRule should be simple
I was asked to create a security policy that forwarded traffic based on specific strings in the URI to a 3rd party server via SSL. After cobbling a few rules together, I came up with something that a...
Kevin_Davies_40
Nacreous
NacreousThe pool command affects the destination for the current TCP connection. Subsequent HTTP requests within the same connection will go to the selected pool unless you specifically tell it to go elsewhere. Looking over your iRule I can't see any large optimizations but here are some updates that may assist.
Send traffic to a secure service when string found in URI
when HTTP_REQUEST {
set secure_service 0
if { [HTTP::uri] contains "/abc/s" } {
HTTP::uri "/10521/[findstr [HTTP::uri] {abc} 4]"
snatpool secure_snat
pool secure
set secure_service 1
log "The secure request received is [findstr [HTTP::uri] {abc} 4]"
log "The secure URL is [HTTP::uri]"
} else {
pool my.site.com
SSL::disable
log "Client connected to default pool - [LB::server] "
log "The securentry URL is [HTTP::uri]"
}
}
when HTTP_RESPONSE {
if { $secure_service } {
log "HTTP Status is [HTTP::status] from server [IP::remote_addr]"
log "Service is $secure_service"
}
}- results of commands inside an event are cached so you can use repeatedly
- zero is false, 1 is true
- the first "if" defines what is considered a secure service, the second "if" is redundant as a result.
- SSL::disable can be used in the HTTP event.
Jarvil