Forum Discussion

Robert_Vernon_1's avatar
Robert_Vernon_1
Icon for Nimbostratus rankNimbostratus
Apr 05, 2013

Uinsing irules to fileter via uri context

So here is my situation:

 

I have a set of servers (poolA) running an 4 applications (context[A-D])

 

http://someserver/contextA

 

http://someserver/contextB

 

http://someserver/contextC

 

etc...

 

 

I need an irule that will evaluate on /$context and then exit.

 

 

I am trying to run a series of nested if/elseif statements, but the F5 processes all the conditions within the irule so that the request sent to the server pool is like this:

 

http://someserver/contextA/contextB/contextC/context/D

 

To which my server promptly replies, "Bugger off. No one lives here by that name!"

 

Any ideas?

 

I am stuck with a single ip and a single dns name.

 

 

Barring that, how could I use an iRule to block access to a particular context say /contextD

 

 

 

 

 

application delivery
dev
devops
irules

4 Replies

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Apr 05, 2013
    Can you show us your iRule? Are you trying to route the traffic to the different applications based on a condition of the request (ie. URI, port, etc.)? If there are 4 different application servers in a single pool, how do you load balance?

    In many cases admins will put the applications into separate pools and then switch pools on the request condition (like the URI). 

    
when HTTP_REQUEST {
   switch -glob [string tolower [HTTP::uri]] {
      "/contexta*" { pool contexta_pool }
      "/contextb*" { pool contextb_pool }
      "/contextc*" { pool contextc_pool }
      default { pool default_pool }
   }
}

    In this way you can provide both load balancing for multiple application servers in a pool, and monitoring.
  • Robert_Vernon_1's avatar
    Robert_Vernon_1
    Icon for Nimbostratus rankNimbostratus
    Apr 07, 2013

    I think I got it:

     

     

    when HTTP_REQUEST {

     

    if { [HTTP::uri] starts_with "/contexta" ||

     

    [HTTP::uri] starts_with "/contextb" ||

     

    [HTTP::uri] starts_with "/contextc" ||

     

    [HTTP::uri] starts_with "/contextd" } {

     

    do nothing

     

    }

     

    else {

     

    HTTP::uri "/contexta[HTTP::uri]"

     

    }

     

    }

     

     

    So I have 4 contexts (they are all on the same server; there are three servers in a single pool, the poll is linked to the VIP). Am I correct if I assume that since I have specified the contexts available on this VIP only those contexts will be accessible by users?

     

    My concern is that I do not wish to expose the jmx console on the application server we are running. Eventually I'd like this rule to parse each context for sanity.

     

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Apr 08, 2013
    So you're saying if the URI starts with /contexta, /contextb, /contextc, or /contextd, let them through, otherwise silently send them to /contexta plus the requested URI. If that's your intention then this is good. You could probably also you a not context and avoid the "do nothing" clause.

     

     

    Last, just to be clear, you're silently sending the user request to the /contexta URI (plus requested URI). The user will still only see the requested URI in the browser and not /contexta. That may, depending on the application, cause problems. It might be worthwhile to simply redirect them via 30x message to the new URI.

     

     

    HTTP::respond 302 Location "/contexta[HTTP::uri]"

     

  • Robert_Vernon_1's avatar
    Robert_Vernon_1
    Icon for Nimbostratus rankNimbostratus
    Apr 10, 2013
    Hmmm

     

     

    Your right Kevin let me check with the application devs and see what they say.