Forum Discussion
Albert__Tase_70
Nimbostratus
Nimbostratustrying to merge two seprate ruiles
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/dswsbobje"}{
persist uie [SSL::sessionid] 1500
pool biz-objects_209.34.86.25_7080
} elseif { [HTTP::uri] starts_with "/biod"}{
persist uie [SSL::sessionid] 1500
pool na.crystalreports.com_biod_209.34.86.25_9080
} else {
pool biz_objects_209.34.86.25_8080
persist cookie insert
}}
==============================
when RULE_INIT {
set ::key [AES::key 128]
}
when HTTP_RESPONSE {
set decrypted [HTTP::cookie "secure_cookie"]
HTTP::cookie remove "secure_cookie"
set encrypted [b64encode [AES::encrypt $::key $decrypted]]
HTTP::header insert "Set-Cookie" "secure_cookie=$encrypted; Version=1; Secure; HttpOnly"
}
when HTTP_REQUEST {
set encrypted [HTTP::cookie "secure_cookie"]
HTTP::cookie remove "secure_cookie"
set decrypted [AES::decrypt $::key [b64decode $encrypted]]
HTTP::cookie insert name "secure_cookie" value $decrypted
}
Basically if no matches above use pool biz_objects_209.34.86.25_8080 and cookie persistance and encrypt cookie and apply Secure; HttpOnly" in the response
Both the above rules seem to work independant of each other but they both need to be applied to the same vip thought abouit priority but do not think that would work because rule one would execute then rule two and since rule one has persist cookie insert thinking the cookie would already be there so second rule would not encrypt it so figured best way was to combine the two rules can someone please help me combine the two rules together
Thanks
Al Tase
===================
Everytime I try to merge the two rules always get out of scope error
when RULE_INIT {
set ::key [AES::key 128]
}
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/dswsbobje"}{
persist uie [SSL::sessionid] 1500
pool biz-objects_209.34.86.25_7080
} elseif { [HTTP::uri] starts_with "/biod"}{
persist uie [SSL::sessionid] 1500
pool na.crystalreports.com_biod_209.34.86.25_9080
} else {
when HTTP_RESPONSE {
set decrypted [HTTP::cookie "secure_cookie"]
HTTP::cookie remove "secure_cookie"
set encrypted [b64encode [AES::encrypt $::key $decrypted]]
HTTP::header insert "Set-Cookie" "secure_cookie=$encrypted; Version=1; Secure; HttpOnly"
}
when HTTP_REQUEST {
set encrypted [HTTP::cookie "secure_cookie"]
HTTP::cookie remove "secure_cookie"
set decrypted [AES::decrypt $::key [b64decode $encrypted]]
HTTP::cookie insert name "secure_cookie" value $decrypted
}
pool biz_objects_209.34.86.25_8080
}
}
tired moving the when RULE_INIT to the top of the rule and stiull get the out of scope after the else statement why can't I simply state if it matches do X else generate a cookie and encrypt it and add the secure;HTTPONLY in the response
???
- You might be making this harder than it needs to be. You can simply associate two iRules with the same virtual.
If you still need to merge your iRules, then the problem you're running into is that you're mismatching your "when" statements. Syntacticly, you could do:when RULE_INIT { set ::key [AES::key 128] } when HTTP_REQUEST { First rule set encrypted [HTTP::cookie "secure_cookie"] HTTP::cookie remove "secure_cookie" set decrypted [AES::decrypt $::key [b64decode $encrypted]] HTTP::cookie insert name "secure_cookie" value $decrypted Second rule if { [HTTP::uri] starts_with "/dswsbobje"}{ persist uie [SSL::sessionid] 1500 pool biz-objects_209.34.86.25_7080 } elseif { [HTTP::uri] starts_with "/biod"}{ persist uie [SSL::sessionid] 1500 pool na.crystalreports.com_biod_209.34.86.25_9080 } else { pool biz_objects_209.34.86.25_8080 persist cookie insert } } when HTTP_RESPONSE { set decrypted [HTTP::cookie "secure_cookie"] HTTP::cookie remove "secure_cookie" set encrypted [b64encode [AES::encrypt $::key $decrypted]] HTTP::header insert "Set-Cookie" "secure_cookie=$encrypted; Version=1; Secure; HttpOnly" }
but that's just a syntatic merge. You should check the business logic to make sure it still does what you want.
