For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ramig_184705's avatar
ramig_184705
Icon for Nimbostratus rankNimbostratus
Mar 18, 2015

URI based pool selection

Hi,

I have a requirement to forward particular URIs to different pools as per the following:

---> backend_server_address:8080

--->backend_server_address:8082

To implement this forwarding I used the below iRule: pool0=backend_server_address:8080 pool1=backend_server_address:8082

when HTTP_REQUEST {
  set my_uri [string tolower [HTTP::uri]]
  if {$my_uri starts_with "/abc" } {
    pool pool1
  } else {
    pool pool0
  } 
 }

When I access the backend server directly using it will redirect me (HTTP/301) to where the page is displayed.

However when this is tested through F5 LTM using the above iRule, the page is requested from the backend server using but the redirect is not happening instead I am getting a 404 since /abc is not a physical directory on the backend server.

Any idea why the virtual server is not following the same redirection as a normal client accessing the site.

Thanks, Rami

```

3 Replies

  • Michael_Jenkins's avatar
    Michael_Jenkins
    Icon for Cirrostratus rankCirrostratus
    Mar 18, 2015

    Does your backend server expect any specific host header on the request?

    Also, if you have CLI access, you could try using 

    curl
    to test that uri from the F5 box. Something like 
    curl -vvv http://backend_server_address:8082/abc
    . That should give you the same experience as testing from your local machine as you mentioned getting the 301. What response do you get from that?

  • ramig_184705's avatar
    ramig_184705
    Icon for Nimbostratus rankNimbostratus
    Mar 18, 2015

    I tried to access the website using curl from the CLI, it gives the 301.

     

    The backend server is set to accept any host header (*).

     

  • THi's avatar
    THi
    Icon for Nimbostratus rankNimbostratus
    Mar 18, 2015

    Your iRule is selecting the pool based on the existence of /abc in the request. It does not alter the request itself. So forwarding to pool1 with uri /abc. Now if I understood right this path does exist on the backend server and it will do a redirect to /. Which will result as a new request. Should you actually change the uri at the BIG-IP itself instead of the backend server?

     

    The new request may be the culprit, based on the way BIG-IP handles http requests. Do you have OneConnect on? As a default, without OneConnect profile enabled, the iRule is triggered on the first request and on subsequent requests the traffic goes to the pool selected on the first one. If you have one connect enabled, then the iRule is evaluated on all requests and the iRule will parse and select pool0. There are ways of enabling OneConnect behaviour within the iRule, too (LB::detach etc).