For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

richard_arthur_'s avatar
richard_arthur_
Icon for Nimbostratus rankNimbostratus
Feb 02, 2016

Use HTTP_Referer to select pool

Trying to figure out iRules here to help the app team. They want to use the HTTP_Referer to select which pool to use. Is that possible? IS the below code close to correct? Thanks.

 

This is the request:

 

If HTTP_REFERER is http://remotepay-pt.test.com then

 

LB VIP:10.77.5.201, Port: 80 Need to load balance to 10.79.241.197 & 10.79.241.201 with port 7080

 

LB VIP:10.77.5.201, port: 443 Need to load balance to 10.79.241.197 & 10.79.241.201 with port 7443

 

Else

 

LB VIP:10.77.5.201, Port: 80 will load balance to 10.79.241.197 & 10.79.241.201 with port 80

 

LB VIP:10.77.5.201, port: 443 will load balance to 10.79.241.197 & 10.79.241.201 with port 443

 

Assume two irules would be needed, one for the port 80 and one for the 443 VS. Assume REMOTEPAY_80 and REMOTEPAY_443 are the default pools and REMOTEPAY_7080 and REMOTEPAY_7443 are the new ones. Would the below code work? For the 443 it would change to https and the pool names properly.

 

when HTTP_REQUEST {

 

set referrer_host [URI::host [HTTP::header value Referer]]

 

if { $referrer_host eq "http://remotepay-pt.test.com" } {

 

pool REMOTEPAY_7080

 

}

 

else { pool REMOTEPAY_80

 

}

 

}

 

application delivery
BIG-IP
iRules

3 Replies

  • Theo_12742's avatar
    Theo_12742
    Icon for Cirrus rankCirrus
    Feb 02, 2016

    One correction and one tweak. According to URI::host, it only returns the host, not the protocol associated with it, so just remove "http://" from the string:

    when HTTP_REQUEST { 
    set referrer_host [URI::host [HTTP::header value Referer]]
    if { $referrer_host eq "remotepay-pt.test.com" } { 
        pool REMOTEPAY_7080 
    } else {
        pool REMOTEPAY_80 
    } 
}

    You could also remove the variable since it's only called once...

    when HTTP_REQUEST { 
    if { [URI::host [HTTP::header value Referer]] eq "remotepay-pt.test.com" } { 
        pool REMOTEPAY_7080 
    } else {
        pool REMOTEPAY_80 
    } 
}
  • cjunior's avatar
    cjunior
    Icon for Nacreous rankNacreous
    Feb 02, 2016

    Hi, URI::host does not include that protocol, so you could try this way:

     when HTTP_REQUEST {
    if { [HTTP::header value Referer] starts_with "http://remotepay-pt.test.com" } {
        pool REMOTEPAY_7080
    } else {
        pool REMOTEPAY_80
    }
}

    You may not need two iRules by checking VS port:

    when HTTP_REQUEST {
    if { [URI::host [HTTP::header value Referer]] eq "remotepay-pt.test.com" } {
        if { [TCP::local_port] eq 80 } {
            pool REMOTEPAY_7080
        } else {
            pool REMOTEPAY_7443
        }
    } else {
        if { [TCP::local_port] eq 80 } {
            pool REMOTEPAY_80
        } else {
            pool REMOTEPAY_443
        }
    }
}

    Also, you might want to validate that the Referer header exists, e.g.

    if { [HTTP::header exists Referer] and 
        [HTTP::header value Referer] starts_with "http://remotepay-pt.test.com" }

    To get the protocol from Referer:

    set proto [URI::protocol [HTTP::header value Referer]]

    https://devcentral.f5.com/wiki/iRules.URI.ashx

    Respectfully,