20 Lines or Less #38 – Classes, Encryption Detection & Caching

What could you do with your code in 20 Lines or Less? That's the question I ask (almost) every week for the devcentral community, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

This week we’ve got a couple awesome new examples from two of the community all-stars, and one dusty old example from my archives. They’re all cool and useful, so take a peek and see what you think. If you want a problem solved or to submit an example, feel free, I’m always looking for feedback or ideas for the 20LoL, just drop me a line.

Class field parsing & updating Host info

http://devcentral.f5.com/s/Default.aspx?tabid=53&forumid=5&postid=1171133&view=topic

Matt shows off why they call him L4L7 in this example of how to use some iRules fu to match class contents, parse it and then act on it.  The requirement was updating the host header inline, while maintaining the mappings of what to change and what to change it to in a class, and that gets done in style.

when HTTP_REQUEST { 
  #find a match using host+uri against the class and 
  #returns the whole string (field1 field2 field3)then 
  #set it as newURI variable. 
  set newURI "[findclass [HTTP::host][HTTP::uri] $::redlist]" 
  if { $newURI ne "" } { 
    # Parse the three fields in the matched datagroup line 
    scan $newURI {%s %s %s} unused host uri 
    #change host and uri 
    if {$host ne ""}{ 
      HTTP::header replace Host $host
    } 
    if {$uri ne ""}{ 
      HTTP::uri $uri 
    } 
  } 
} 

HTTP connections over 443

http://devcentral.f5.com/s/Default.aspx?tabid=53&forumid=5&postid=1171154&view=topic

For a look at how to gracefully handle non encrypted HTTP traffic over port 443 (you know, just in case) hoolio has you covered this week.  Basically this inspects the traffic and if there was an SSL cipher used, redirects requests to “/” to the login page. If there is no cipher used, meaning the traffic is not encrypted but is still coming over port 443, any requested URI is redirected to the SSL enabled login page. Handy stuff.

when HTTP_REQUEST { 
  # Check if the client used an SSL cipher 
  if {not ([catch {SSL::cipher version} result]) && $result ne "none"}{ 
    # Client did use a cipher 
    log local0. "\$result: $result. Allowing encrypted request." 
    if {[HTTP::path] eq "/"}{
      HTTP::redirect "https://[getfield [HTTP::host] : 1]/Login.jsp"
    }
  } else { 
    # Client did not use a cipher 
    log local0. "\$result: $result. Redirecting unencrypted request." 
     HTTP::redirect "https://[getfield [HTTP::host] : 1]/Login.jsp"
  } 
}

Selective browser caching

Taking a trip in the way-back machine I decided to dig into my archives of cool iRule goodness for our third example this week.  Here’s a little iRule that I acquired along the way somewhere (I’m not going to claim I wrote it, since I can’t remember if it was me or someone else) that was simple but useful.  Create two classes of file extensions, one to be cached long term (jpgs, gifs, pngs, etc) and one to be cached for a much shorter duration (css, html, whatever) then easily tell the client’s browser how to handle each.

when HTTP_REQUEST {
  set uri [HTTP::uri]
}

when HTTP_RESPONSE {
  if { [matchclass $uri ends_with $::cache_5min] } {
    HTTP::header replace "Cache-Control" "max-age=500"
  } elseif { [matchclass $uri ends_with $::cache_60min] } {
    HTTP::header replace "Cache-Control" "max-age=3600"
  }

}

That’s the 20LoL this week, thanks for playing. I’ll be back next week with more iRules goodness, so make sure to check back in.

#Colin