20 Lines or Less #5

What could you do with your code in 20 Lines or Less? That's the question I ask every week, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting complicated.

For the real 20LoL this week, we go back to pilfer the wonderful collection of raw brainpower that is the DevCentral forums.  Digging through just a few forum posts gave me a couple of tasty little iRules to share with the class for this week. Not only is this stuff cool, easy to implement, and done in less than 21 lines of code, it's done by real world users that dig this stuff so much they share it with the rest of us. Now that's rockin'.

So without further gilding the lily and with no more adieu, I give you this week's 20 Lines or Less, brought to you by the forums, where good brains come to get better, and kittahs everywhere enjoy their cheezeburgerz.

 

HTTP to HTTPS redirects - in the Location header

http://devcentral.f5.com/s/Default.aspx?tabid=53&forumid=5&postid=23172&view=topic
Ever have a need to ensure that all the redirects being sent by your servers were secure links? Well, if you've ever tried to offload SSL to your LTM with a system that has hard-coded links in it, you just might need to.  Here's a great iRule that will help you dig through redirect responses and make sure they're pointing to those SSL pages in one easy shot.

when HTTP_REQUEST {
   # Save the requested host header value for reference in the response
   set host [HTTP::host]
}
when HTTP_RESPONSE {

   # Check if this is a redirect (30x response status)
   if {[HTTP::is_redirect]}{

      # Replace the http://host with https://host in the Location header
      HTTP::header replace Location [string map -nocase {
http://$host https://$host} [HTTP::header value Location]]
   }
}

 

Multi-faceted selective compression

http://devcentral.f5.com/s/Default.aspx?tabid=53&forumid=5&postid=6745&view=topic
Selective compression is nothing new in the world of the web.  What is new is the ability to combine multiple pieces of data, and perform checks against different data points to decide whether or not compression should be turned on.  Rather than just saying "Yes" or "no" based on a VIP or an incoming URI, why not check the URI, the extension, and the client's IP address?

when HTTP_REQUEST {
  set nocompress 0
  log local0. "comp enabled default "
  if {[matchclass [string tolower [HTTP::uri]] ends_with $::ok_extension] or [matchclass [string tolower [HTTP::uri]] contains $::compress_dir ] and not [matchclass [IP::remote_addr] equals $::no_compress_ip ] } {
    set nocompress 0
    log local0. "setted 0 for ok_extension or compress_dir or ip [IP::remote_addr]"
  } elseif {[matchclass [string tolower [HTTP::uri]] ends_with $::no_extension] or [matchclass [string tolower [HTTP::uri]] contains $::no_compress_dir ] or [matchclass [IP::remote_addr] equals $::no_compress_ip ] } {
    set nocompress 1
    log local0. "setted 1 for no_extension or no_compress_dir or your ip [IP::remote_addr]"
  }
}

Reversing a string without a reverse command

http://devcentral.f5.com/s/Default.aspx?tabid=53&forumid=5&postid=22344&view=topic
Oh those pesky formatting requirements. In this example a member needed to reverse the order of a string, but couldn't make use of a simple command to do so, since it isn't included in the TCL version on LTM.  Hoolio to the rescue, though, with some logic below that spins the data right round, round round.

   # Set a test cert string
   set client_cert_orig {CN=LN.FN.027060322604,OU=CONTRACTOR,OU=PKI,OU=PoP,O=T.Z. Corp,C=TZ}
   log local0. "\$client_cert_orig: $client_cert_orig"

   # Split the cert string into a list
   set client_cert_list [split $client_cert_orig ","]
   log local0. "\$client_cert_list: $client_cert_list"

   # Save the length of the list
   set i [llength $client_cert_list]

   # Reset the value of a new string to save the client cert
   set client_cert ""

   # Loop through the list
   while {$i > 0}{

      # Append the current list item to the string with a forward slash as the delineator
      append client_cert /[lindex $client_cert_list [incr i -1]]
      log local0. "\$client_cert: $client_cert"
   }

 

There you go, another 20LoL in the can, a few more examples ready for your perusal and re-structuring. Grab them, bend them to your whims, and use them for the greater good. Check in every week for more examples of the power of an iRule, in 20 Lines or Less.

 

#Colin

Published May 08, 2008
Version 1.0