20 Lines or Less #44: Redirecting, Re-encrypting, and TCP fun

What could you do with your code in 20 Lines or Less? That's the question I ask (almost) every week for the DevCentral community, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

This week I’ve got some cool forum examples: Chris Miller’s awesome example of doing a redirect in an interesting way, using an iRule-generated HTML page with an in-line meta refresh; some cool SSL re-encryption logic; and a look at how you can use TCP and node commands to send TCP requests.

HTTP Redirect with Holding Page


Chris whipped up a cool example of HTTP redirection. The user wanted to be able to send users to a holding page for a given amount of time before redirecting them. Using HTTP::respond, this was pretty straightforward. A very cool example of controlling the user experience via iRules. And yes, I’m cheating slightly by doubling up braces to get this one down to 20 lines (I’m also counting the HTTP::respond as one line since it technically is, it’s just continued on multiple lines for readability). Sue me, it’s a cool rule. ;)

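  when HTTP_REQUEST {
    # holding_secs is a placeholder delay (seconds) before the meta refresh fires
    set holding_secs 10
    if { [TCP::local_port] eq "80" } {
      persist source_addr 1800
      # Compare the Host header against each holding-page site explicitly
      if { [HTTP::host] eq "www.domain.co.uk" || [HTTP::host] eq "www.domain.com" || [HTTP::host] eq "www.domain.org" } {
        # Serve the holding page from the iRule; the meta refresh does the redirect
        HTTP::respond 200 content \
"<html><head><title>Apology page</title>\
<meta http-equiv=\"refresh\" content=\"${holding_secs};url=http://www.domain.com/aba/\"></head>\
<body>We are sorry, but the site you are looking for is temporarily out of service.</body>\
</html>" "Content-Type" "text/html"
      } else {
        pool Web_Farm_Front
    } } elseif { [TCP::local_port] eq "443" } {
      # Mark requests that arrived on the SSL port for the back end
      HTTP::header insert "BPL-SSL" "On"
      pool Web_Farm_Front
    } else {
      # Any other port is looked up in the Individual_Servers class
      set srvr [findclass [TCP::local_port] $::Individual_Servers " "]
      if { $srvr ne "" } {
        node $srvr 80
      } else {
        HTTP::redirect "http://www.domain.net/"
  } } }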

Selective SSL Re-encryption


Another Chris Miller special, this iRule shows a good way to take HTTP traffic, decrypt it, analyze it, send it to the appropriate pool, and then re-encrypt only some of that traffic as needed.  It’s not going to solve the user’s problem, unfortunately, but that’s because of specific app requirements. It’s still a pretty cool piece of code.

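  when HTTP_REQUEST {
    set usessl 0
    # Pick the pool by path and record whether it needs server-side SSL
    switch -glob [string tolower [HTTP::path]] {
      "/main*" {
        pool beta__pool
        set usessl 1
      }
      default {
        pool alpha_pool
        set usessl 0
      }
    }
  }
  when SERVER_CONNECTED {
    if { $usessl == 0 } {
      SSL::disable   ;# re-encrypt only when usessl is 1
  } }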


TCP Out of Band Send on Pool Down


Thanks to some good ideas from Aaron, I put together what I think is a pretty interesting iRule that should (it’s untested) allow you to check for all pool members of a particular pool to be down, and if that’s the case, send a TCP request off to a node of your choosing with a custom message as sort of an alert to notify that the pool is down.  Hopefully this solves the user’s issue, but regardless I like the concept and I’m now looking for a place to try it out.

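  when CLIENT_ACCEPTED {
    if { [active_members yourpoolname] == 0 } { TCP::collect }
  }
  when CLIENT_DATA {
    # Swap whatever the client sent for the alert text and steer it to the alert node
    TCP::payload replace 0 [TCP::payload length] "down"
    node 192.0.2.10 12000   ;# placeholder address: the node of your choosing
    TCP::release
  }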
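
The receiving end of that alert, as an added example (not code from the forum thread or from F5): a small Python listener for port 12000 that accepts only the exact "down" payload, bounds the read, and coalesces repeats, since an iRule runs per client connection and every connection that arrives while the pool is down produces another message. The class name, the 64-byte read limit and the 60-second suppression window are assumptions.

```python
import socket
import time

ALERT_PORT = 12000   # port the iRule above sends to
EXPECTED = b"down"   # payload the iRule writes with TCP::payload replace
MAX_BYTES = 64       # assumption: bound the read; a real alert is 4 bytes
SUPPRESS_SECS = 60   # assumption: coalesce repeats into one alert per minute


class AlertReceiver:
    """Validates pool-down messages and suppresses per-connection repeats."""

    def __init__(self, suppress_secs=SUPPRESS_SECS, clock=time.monotonic):
        self.suppress_secs = suppress_secs
        self.clock = clock
        self.last_raised = None
        self.events = []  # (verdict, peer_ip) audit trail

    def handle(self, payload, peer_ip):
        """Return 'alert', 'suppressed' or 'rejected' for one message."""
        now = self.clock()
        if payload != EXPECTED:
            verdict = "rejected"  # the port is unauthenticated: log, do not page
        elif (self.last_raised is not None
              and now - self.last_raised < self.suppress_secs):
            verdict = "suppressed"
        else:
            self.last_raised = now
            verdict = "alert"
        self.events.append((verdict, peer_ip))
        return verdict

    def handle_conn(self, conn, peer_ip):
        """Read at most MAX_BYTES from one connection, with a timeout."""
        conn.settimeout(2.0)
        try:
            data = conn.recv(MAX_BYTES)
        except socket.timeout:
            data = b""
        return self.handle(data, peer_ip)


if __name__ == "__main__":
    rx = AlertReceiver()
    with socket.create_server(("0.0.0.0", ALERT_PORT)) as srv:
        while True:
            conn, (peer_ip, _) = srv.accept()
            with conn:
                print(peer_ip, rx.handle_conn(conn, peer_ip))
```

The peer address recorded in `events` is whatever source address the BIG-IP presents to the alert node, which depends on the virtual server's SNAT settings.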

There you are, another few iRules that can get some solid work done in less than 21 lines.


Published Jan 27, 2011
Version 1.0
