Forum Discussion
jksingh_44237
Nimbostratus
Nov 04, 2011mysql db pool configuration in F5
I have to put two mysql servers behind the F5 to balance the mysql db traffic for web servers... I have created the pool for two node & added for virtual also.... But facing the issue to establish the...
Awkrd1_7470
Nimbostratus
Feb 24, 2012Correct...It should have been on the HTTP_REQUEST. I need to load balance the initial client request, which would not have the HTTP header "datacenter" present. The server inserts the HTTP header "datacenter" 01 or 02 in the response for the client's subsequent request to be used by the i-Rule and returned to the same data center. I modified the rule to add logging;
when HTTP_REQUEST {
set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]"
log local0. "============================================="
log local0. "$LogString (request)"
foreach aHeader [HTTP::header names] {
log local0. "$aHeader: [HTTP::header value $aHeader]"
}
log local0. "============================================="
if { [HTTP::header "datacenter"] eq "01" } {
pool PROD-ITA-9045-BILLERICA
log local0. "$HTTP::header"
} elseif { [HTTP::header "datacenter"] eq "02" } {
pool PROD-ITA-9045-WINNIPEG
log local0. "$HTTP::header"
} else {
pool PROD-ITA-9045
}
}
I think it may be working but I am only directed to datacenter-01, which may be a limitation of my SOAPUI client.
Could I not simplify this using universal persistence and a simple i-Rule?
when HTTP_REQUEST {
persist uie [HTTP::header datacenter]
}
- Yoann_Le_Corvi1Jan 23, 2020
Cumulonimbus
Hi
The short answer is (unfortunately) : it depends ! :)
It depends how strict you want to be on the policy, and how much time you have available for the job.
Always : once policy is stabilized, wildcard is removed any parameter not in the list will be blocked.
Selective : wilcard remains, paramters are allowed, but if you have to relax a setting (e.g. disable an attack signature) this will be applied only to the relevant parameter and not to all of them
Never : wildcard remain, and if you relax a setting (e.g. disable an attack signature) this will be applied to the wildcard, i.e. all parameters.
So no real "rule" unfortunately.
Hope this helps in the reflexion ?
Yoann