Forum Discussion

krisdames's avatar
krisdames
Icon for Cirrus rankCirrus
Feb 13, 2013

To iRule or not to iRule?

Hi all,

 

 

Long time watcher, first time poster. My F5 is v11.2.1. I have read a ton of questions about reverse proxies and that's what I need to do, but it seems to me like I should not need an iRule (such as the one at https://devcentral.f5.com/wiki/iRules.proxypassv10.ashx) just to accomplish this.

 

 

I have a site that needs to send all traffic to a particular URI, let's call it "/FOO", to a pool of Tomcat servers listening for the context /FOO. All other traffic goes to another pool which is a Drupal site.

 

 

I have this working until I use the URI /foo (all lowercase). Traffic goes to the correct pool, but Tomcat is listening at /FOO and not /foo. What is the easy way to rewrite this? I'm sure I can accomplish it with an iRule but it seems like I should be able to accomplish this with a profile of some kind. I'm using two different HTTP Classes to accomplish the pool assignment now. I've been looking at a Stream profile and that seems like it should work but it just isn't. I'm not sure how to debug the Stream profile to figure out why it is failing. My Stream profile has a blank source and the target is just this:

 

 

@foo@FOO@

 

 

So should I just write a simple iRule for this or is there something I am missing with my current attempt to use profiles?

 

 

Thanks in advance,

 

Kris

 

 

application delivery
dev
devops
iRules

7 Replies

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Feb 13, 2013
    I've been looking at a Stream profile and that seems like it should work but it just isn't. I'm not sure how to debug the Stream profile to figure out why it is failing.

    are you using http profile?

     

     

    When you configure the virtual server with the HTTP profile, the Stream profile performs only the search and replace procedure on the HTTP payload. This applies to both client requests and server responses.

    sol8115:Overview of the Stream profile

     

    http://support.f5.com/kb/en-us/solutions/public/8000/100/sol8115.html

     

  • krisdames's avatar
    krisdames
    Icon for Cirrus rankCirrus
    Feb 13, 2013
    Yes, I have confirmed I am using a HTTP profile. For good measure, I removed the HTTP profile and tested but the results are the same.

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Feb 14, 2013
    this is mine. 

    [root@ve11a:Active:Changes Pending] config  tmsh list ltm virtual bar
ltm virtual bar {
    destination 172.28.20.14:80
    ip-protocol tcp
    mask 255.255.255.255
    pool foo
    profiles {
        mystream { }
        tcp { }
    }
    source 0.0.0.0/0
    source-address-translation {
        type automap
    }
    vlans-disabled
}
[root@ve11a:Active:Changes Pending] config  tmsh list ltm pool foo
ltm pool foo {
    members {
        200.200.200.101:80 {
            address 200.200.200.101
        }
    }
}
[root@ve11a:Active:Changes Pending] config  tmsh list ltm profile stream mystream
ltm profile stream mystream {
    app-service none
    defaults-from stream
    target @foo@FOO@
}

 test

[root@ve11a:Active:Changes Pending] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.19.251(38337) <-> 172.28.20.14(80)
1360832106.9030 (0.0017)  C>S
---------------------------------------------------------------
GET /foo/something HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.20.14
Accept: */*

---------------------------------------------------------------

New TCP connection 2: 200.200.200.13(38337) <-> 200.200.200.101(80)
1360832106.9081 (0.0031)  C>S
---------------------------------------------------------------
GET /FOO/something HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.20.14
Accept: */*

---------------------------------------------------------------
  • krisdames's avatar
    krisdames
    Icon for Cirrus rankCirrus
    Feb 15, 2013

    Steve,

     

    Would you elaborate on your reply? Thanks!

     

     

    --

     

    Kris

     

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Feb 15, 2013
    You could also use a HTTP Class for thise.g. 

    [root@ve10:Active] config  b virtual bar list
virtual bar {
   snat automap
   pool foo
   destination 172.28.19.252:80
   ip protocol 6
   httpclass myhttpclass
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config  b profile myhttpclass list
profile httpclass myhttpclass {
   defaults from httpclass
   pool none
   redirect none
   url rewrite "[string map {/foo /FOO} [HTTP::uri]]"
   paths "/foo/*"
}

 test

[root@ve10:Active] config  ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.18.204.232(14004) <-> 172.28.19.252(80)
1360976747.8596 (0.0020)  C>S
---------------------------------------------------------------
GET /foo/something HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-SG
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: 172.28.19.252
Connection: Keep-Alive

---------------------------------------------------------------

New TCP connection 2: 200.200.200.10(14004) <-> 200.200.200.101(80)
1360976747.8615 (0.0017)  C>S
---------------------------------------------------------------
GET /FOO/something HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-SG
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: 172.28.19.252
Connection: Keep-Alive

---------------------------------------------------------------
  • krisdames's avatar
    krisdames
    Icon for Cirrus rankCirrus
    Feb 18, 2013
    I decided to go with the HTTP Class using string map and it is working. Thank you all for the help!