Forum Discussion
NimbostratusWorking on a iRule for applying on a "Performance (Layer 4)" VIP.
folks, I am working on a iRule which actually needs to allow a particular URI for a particular set of IP's only. If the URI is different then allow all IP's.
The challenge is that since this VIP is defined as a "Performance (Layer 4)" VIP we are unable to use HTTP_REQUEST in the iRule. Through some other posts I found the CLIENT_ACCEPTED can be used in the iRule. However, I still am confused how can I build the iRule.
Will something like "URI::path contains" work here?
regards, Nik
5 Replies
- The_Bhattman
Hi Nik,
Here is link that can provide some info of what you can do with CLIENT_ACCEPTED
https://devcentral.f5.com/wiki/iRules.CLIENT_ACCEPTED.ashx
Kevin_Davies_40Nacreous
URI::path requires you feed it a URI which you cannot get at layer 4 so its no use to you. You will need to use FastHTTP at a minimum which gives you HTTP_REQUEST event.
jgranieriHello Nik, My understanding is that Performance L4 VIP cannot have Irule processing, especially if you are trying to do URI parsing.
N_67263yes. I am still trying to gind a way of achieving what I need.- N_67263
I went through the comments and feedback provided by the members but still trying to find out a way I can achieve my end goal.
I understand why my iRule is not getting applied after our discussion last week. This being a Performance(Layer 4) VIP, and HTTP working at Layer 7 is causing the mistmatch.
The other option I see that is to use Performance(HTTP) kind of Virtual server. But, can I use Port translation here? Essentially, my VIP is listening on port 443 and then the servers in the pool are listening on port 7800. Should this be a problem?
If not, in case the Performance(HTTP) is used I believe the iRule I am trying should work.
Any comments?
The SSL certificate is also on the servers and not on the F5.
