20 Lines or Less #59: SSL Re-encryption, Mobile Browsing, and iFiles

What could you do with your code in 20 Lines or Less? That's the question I like to ask for the DevCentral community, and every time I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

In a shocking turn of events, this week we have three awesome iRules examples from the forums to go through in the 20 Lines or Less. Okay...that's neither shocking or really a turn of events, since that seems to be the case every couple of weeks when I get to have some fun publishing this series, but I've always wanted to use that phrase. Mission Accomplished. In this not so shocking and largely completely expected happening, I've dug through the forums to find some awesome examples by nitass, an old hand at 20LoL greatness, and a relatively new user, Eric, whipping up some sweet examples of iRules goodness in less than a scant 21 lines.

This week there is SSL encryption exemption for either single or multiple cases, a simple look at one way to manage mobile users inbound to your app, which is something that is (or should be) on just about everyone's mind these days, and a look at another relatively new iRules feature: iFiles. Preamble aside, here comes the code:

 

Selective SSL Drop

https://devcentral.f5.com/s/Community/GroupDetails/tabid/1082223/asg/50/aft/2163559/showtab/groupforums/Default.aspx

Eric has a strong debut as a 20LoL entrant with his response to fellow member Brian's question about SSL termination and handling requests to both HTTP and HTTPS pools on the back end. With a relatively simple iRule this becomes easy, as you can see below. SSL is becoming more and more ubiquitous, and having a way to selectively turn on or off encryption on the back end based on a simple lookup from a data group is a very handy notion indeed. As such, this is one of those iRules you might just want to stick in a folder somewhere "in case", for later.

 

   1: when CLIENT_ACCEPTED {
   2:   SSL::disable serverside
   3: }
   4:  
   5: when HTTP_REQUEST {
   6:   if { ![class match [string tolower [HTTP::path]] starts_with standard_http_dg] } {
   7:     SSL::enable serverside
   8:   }
   9: }

iRule to Redirect Mobile Browsers

https://devcentral.f5.com/s/Community/GroupDetails/tabid/1082223/asg/50/aft/2163608/showtab/groupforums/Default.aspx

nitass is up to his usual, helpful routine, handling chungyu's question with ease. The original question is basically a request for a way to redirect mobile browsers to a particular URL, presumably a mobile version of the site/app in question. This is only for certain host/uri combinations, but that's not much of a twist within an iRule. The example is straight-forward but darn handy, given how much traffic is being generated by mobile devices these days. Also, this same iRule could be easily modified to provide individual versions of the site customized for each browser, if so desired.

   1: when HTTP_REQUEST {
   2:    if { [string tolower [HTTP::host][HTTP::uri]] contains "www.mcgill.ca/desautels" } {
   3:       switch -glob [string tolower [HTTP::header User-Agent]] {
   4:          "*blackberry*" -
   5:          "*iphone*" -
   6:          "*android*" -
   7:          "*windows phone os 7*" {
   8:             HTTP::redirect "http://desautels.mobilizeme.com"
   9:          }
  10:       }
  11:    }
  12: }

Maintenance/sorry page with iFile

https://devcentral.f5.com/s/Community/GroupDetails/tabid/1082223/asg/50/aft/2163537/showtab/groupforums/Default.aspx

The notion of a custom error page via iRules is as old as ... well ... iRules, or v9 at least. Normally this would be either a redirect to a backup system hosting the error/maintenance page, or for those particularly tricky folks, an in-line HTML section within their iRule that would respond directly from the BIG-IP. While this worked, it was frustratingly hard to manage when dealing with more complex pages, and it made the iRule logic itself a bit of an afterthought, quickly outnumbering the iRule lines with HTML by many orders of magnitude. With iFiles, however, you can now store your entire HTML page, along with images, on your BIG-IP and then access them directly from within an iRule. It looks like this:

   1: when HTTP_REQUEST {
   2:   if {[active_members [LB::server pool]] < 1} {
   3:     switch [HTTP::uri] {
   4:       "/" { HTTP::respond 200 content [ifile get "index"] }
   5:       "/f5-logo.jpg" { HTTP::respond 200 content [ifile get "logo"] }
   6:    }
   7:   }
   8: }

 

As you can see, the 20LoL is replete with awesome iRules examples, as always, and as we tread our way steadily towards 200 iRules examples I see no signs of things stopping. If you've got wicked iRules examples that make the 20LoL cut, definitely let me know. Until then, I'll see you in two weeks with more iRules goodness in bite sized chunks.

Published Jul 11, 2012
Version 1.0
No CommentsBe the first to comment