20 Lines or Less #61: Switch Maintenance, Customer Redirection and Referrers

What could you do with your code in 20 Lines or Less? That's the question I like to ask for the DevCentral community, and every time I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

Every time I get to write about iRules, it's a good day. Even more so when I get to write about awesome iRules doing all kinds of cool things in less than 21 lines of code. That's why I come back time and again with the 20LoL, because not only is there so much good stuff to talk about, but it's just so darn much fun, and this week is no exception. After perusing the forums for a bit this week I had no trouble finding a few more examples of iRules goodness to share that highlight concepts from proper switch utilization to conditional redirection based on referrer to allow effective site access layering.


Switch Maintenance
User haxzorian was having a bit of trouble getting a particular page to load and was concerned about it possibly being an iRule issue. To remove all doubt one of our DevCentral MVPs smp weighed in with a clinic on proper switch usage. Including not only the little known functionality of the double hyphen "--", but also a brief demonstration of how to use "-glob" for matching, this could prove useful to anyone looking to do some switching, or looking to brush up. The rule itself is simple but handy, directing traffic to a given pool based on the HTTP path, a good one to have in your quiver for a time where it may be needed.

   1: timing on
   2: when HTTP_REQUEST {
   3:   switch -glob -- [string tolower [HTTP::path]] {
   4:     "/devicepairingstage*" {
   5:       pool ianappsstage-pool-https
   6:       log local0.debug  "uri: [HTTP::uri]"
   7:       log local0.debug  "[client_addr] hit devicepairingstage"
   8:     }
   9:     "/devicepairing*" { 
  10:       pool ianapps-pool-https
  11:       log local0.debug "uri: [HTTP::uri]"
  12:     }
  13:   }
  14: }


Massive Customer Redirects
When looking to perform a huge number of lookups from within an iRule, there's really only one way to go about it - classes. With a look at how to use a class to structure a redirect for a long list of users, this example may be useful to more than a few iRulers out there. This could, of course, be a list of not just users but any piece of data you wish to key off of. It's also a great look at a simple scan that can be quite handy, and the scan command itself is amazingly high performance and flexible. This easy introduction to it is a good place to start, but if you're like me, it won't be enough and you'll want to learn more.

   1: when HTTP_REQUEST {
   2:   if {[string tolower [HTTP::host]] equals "www.website.com"} {
   3:     scan [HTTP::uri] {/%s} cust
   4:     set pl [class match -value $cust equals redirect_class]
   5:     if {$pl ne ""} {
   6:       HTTP::redirect "http://[string map "www $pl" [string tolower [HTTP::host]]][HTTP::uri]"
   7:     }
   8:   }
   9: }


Referrer Inspection
Last but not least a brief look at using the HTTP referrer header to ensure that requests bound for a given portion of your application or site originate from, well, your site. Keep in mind that headers are easy to spoof, so this isn't 100% guaranteed to stop would be bad guys, but it's still cool logic and most certainly useful. Take a look then think about whether or not there may be portions of your site you want accessible only from another page in your site/app.

   1: when HTTP_REQUEST {
   2:   switch -glob [string tolower [URI::host [HTTP::header "Referer"]]] {
   3:     "www.mywebsite.com"
   4:     "www.contentwebsite.com" {
   5:       # Allow Request to go through...
   6:     }
   7:     "" {
   8:       HTTP::respond 200 content ""
   9:       log local0 "Blank Referer from IP: [IP::client_addr]"
  10:     }
  11:     default {
  12:       HTTP::redirect [HTTP::header "Referer"]
  13:       log local0 "Blocked Referer: [HTTP::header value Referer] from IP: [IP::client_addr]"
  14:     }
  15:   }
  16: }


There you have it, three more examples of iRules doing those things that only iRules can do, in the short span of 20 Lines or Less. Two more weeks, three more examples of code - see you next time.

Published Aug 22, 2012
Version 1.0

Was this article helpful?

No CommentsBe the first to comment