Forum Discussion

CraigM_17826's avatar
Icon for Altostratus rankAltostratus
Aug 10, 2011

URI redirects using external files

Hi everyone,



I have a rather slack web team which because of issues with the CMS they use they prefer to have the BigIP to do a lot of URI based redirects. At first I didn't mind too much, but now it is being used for virtually every redirect they require. Too add to this I need to replicate these redirects over 8 internal envronments they use for various stages of testing. So I am now looking at applying these redirecrs differntly, hopefully in a way that they can do it themselves without having to give them access to the BigIP itself.



At the moment I use HTTP classes for the redirects, but I was wondering if it is possible to access a remote file that could contain the list of redirects along with the redirect URI



example, /contact-us , /pubic/contactus



The idea being to give control to the web people without giving them access to the BigIPs and risk them mucking up the iRules or something else.



Has anyone done anything like this before?



Our BigIPs are still on the latest rev 10 patch level, we haven't jumped to 11 yet, depsite it being 1 louder :)








3 Replies

  • Hi CraigM,



    I don't believe that you can relocate the file off of the local file system. The only options I am aware of are a Data Group within the local configuration file or an external class which is on the local file system (/var/class if I am not mistake).



    I would suggest an iControl solution, but you would still be stuck in an access issue since the access account would require elevated permissions (there are ways around this but they each have their own unique challenges to implement).



    If I am incorrect or you find a way to accomplish what you are needing please post the solution here. I would love to read it.
  • HI Michael,



    about the only thing I could think of is if I could mount NFS mount a remote filesystem on to the BigIP and then use the External DataGroup option, pointing it at the NFS mountpoint. Not sure if nfs is avaialbel/supported on the BigIps though. I can see why F5 would want to restrict external files to the local file system because of NFS issues caused by network connectivity or failure of the NFS server. Another option to explore would be to scp to a sepecific directory where the external class files will reside, that way they can update them locally and then upload them to the BigIP, onmly issues I can see are



    1. Replication. I would have to do a manual replication to the other BigIP, and this assumes the sync includes the /var/classes tree. If not then they will hace to copy the file to both nodes.


    2. I think I recall reading somewhere that changes made to external files are not automatically picked up and that you need to restart a service to re-read the files. So there may be some manual intervention still required.



    Well I'll plod along trying a few things too see if it's it acheivable and more importantly is stable/reliable.






  • Another option would be to use the Crontab on the BIG-IP to SCP the files to itself (self-update) on a given schedule (I would suggest SSH Keys...and I am also quite cautious about giving access to the devices, so I prefer that the devices themselves go fetch).



    That would allow you to have a central location for pickup and negate your replication issues.



    It could also allow you to advertise a replication schedule that the update any update requests could be published by.



    The biggest problem that I see with this is validation. If an improperly formatted update file is implemented you could get some strange behavior.



    Food for thought.