Forum Discussion

Sonny's avatar
Sonny
Icon for Cirrus rankCirrus
Mar 08, 2019

URI redirect to pool with port other than 443

I have a VS that has both a client and server SSL profile on 443. When I use the below irule, since the "generic_pool" is NOT listening on 443 (but rather 8443), it doesn't work. We can't change the web servers listening ports. How can I modify the rule to accommodate?

 

when HTTP_REQUEST { if { [HTTP::path] starts_with "/abc"} { set /abc-test_match 1 pool generic_pool } if { [HTTP::path] starts_with "/def"} { set /def-test_match 1 pool generic_pool } if { [HTTP::path] starts_with "/ghi"} { set /ghi-test_match 1 pool generic_pool } }

 

application delivery
iRules
  • KeesvandenBos's avatar
    KeesvandenBos
    Icon for MVP rankMVP
    Mar 08, 2019

    Hi,

    Could you test with this irule?

    when HTTP_REQUEST {
    switch -glob [string tolower [HTTP::path]] {
        "/abc*" { pool generic_pool }
        "/def*" { pool generic_pool }
        "/ghi*" { pool generic_pool }
    }
}

    Cheers,

    Kees

  • jaikumar_f5's avatar
    jaikumar_f5
    Icon for Noctilucent rankNoctilucent
    Mar 09, 2019

    Let us know if we got your requirements correctly.

     

    • So you have a virtual with SSL offload & Re-encrypt & other profiles.
    • Your incoming traffic is going to be SSL and so is your backend servers.
    • Is your backend server running on port 443 or port 8443, from your question I assume its 8443.
    • If its 8443, generic_pool members are IP:8443, right ?
    • Also what is the default pool name that is bound to the VS, the pool members of it are of IP:443, right.
    • Is there a particular reason why the default pools members just can't be replaced from IP:443 to IP:8443, as you said your webservers are listening on 8443. Whichever port the webservers are listening to, just replace the pool member port according to it. Or is there a reason why you are not willing to change the pool members ?
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Mar 12, 2019

    Hi,

     

    when you write an irule which change pool, never forget to define a default statement, even if the virtual server already assigned a default pool...

     

    pool selection is connection based, except if there is oneconnect profile assigned to virtual server, which is false on the vs configuration.

     

    this means that the following URI will have this behavior with your irule:

     

    • URI / --> pool XXXXX_Pool
    • URI /abc/foo/bar --> pool generic_pool
    • URI / --> pool generic_pool (because the previous request changed the pool assigned to the connection)

    try this code:

     

    when CLIENT_ACCEPTED { 
    set default_pool [LB::server pool]
}

when HTTP_REQUEST {
switch -glob [string tolower [HTTP::path]] {
    "/abc*" { pool generic_pool 
               HTTP::path "/abc-test"
            }
    "/def*" { pool generic_pool
              HTTP::path "/def-test" 
            }
    "/ghi*" { pool generic_pool 
              HTTP::path "/ghi-test"
            }
    default { pool $default_pool
            }
    }
}

    if the server respond with absolute URL including port number, the client will request to pool member's port...