iRules 101 - #12 - The Session Command
One of the things that makes iRules so incredibly powerful is the fact that it is a true scripting language, or at least based on one. The fact that they give you the tools that TCL brings to the tab...
Updated Oct 14, 2024
Version 2.0
steveh
Nimbostratus
NimbostratusI've had nothing but problems trying to use 'persist lookup' and 'session lookup' commands in my irules, but i can't see the reason for the infamous "prerequisite operation not in progress" error. here's my irule in case anyone else can find the problem:
NB: due to my delivery model, there is no default pool configured for the virtual server.
iRule:
when CLIENT_ACCEPTED {
set add_persist 1
set DEBUG 1
}
when HTTP_REQUEST {
set req_uri [string tolower [URI::path [HTTP::uri] 1 1]]
switch -glob $req_uri {
"/" -
"/?Open*" -
"*.exe*" -
"*.dll*" -
"*.pl*|" -
"*.php*;*" -
"/index.html" -
"/manager*" -
"/status*" -
"/sysProps*" -
"/healthCheck*" {
Unautorized Access Attempted
log local0. "Unauthorized access by Host [IP::remote_addr] detected for URI: [HTTP::uri]"
HTTP::respond 404 "Access ForbiddenThis security violation has been logged.
"
}
}
set http_request_time [clock clicks -milliseconds]
set request_log_line "[HTTP::request_num] - [IP::remote_addr] - [HTTP::method] - [HTTP::version] - [HTTP::host] - \"[HTTP::uri]\" - \" [HTTP::header value Referer] \" - \"[HTTP::header User-Agent]\" - \"[HTTP::cookie value JSESSIONID]\" - [SSL::cipher name] - [SSL::cipher version] - [SSL::cipher bits]"
if { [HTTP::cookie exists JSESSIONID] } {
set sid [HTTP::cookie JSESSIONID]
set orig_uri [session lookup uie [list $sid any virtual]]
log local0.crit "lookup original URI: $orig_uri"
if { $DEBUG } {
log local0.crit "Got request with sid: $sid; req-URI: $req_uri; http-request: [HTTP::uri]"
}
if { $orig_uri equals $req_uri } {
if { $DEBUG } {
log local0.crit "orig: $orig_uri, curr: $req_uri; got valid result from lookup and servicing request"
}
persist uie $sid
} else {
if we get here, we have an error
if { $DEBUG } {
log local0.crit "Persistence entry: [HTTP::cookie JSESSIONID] has URI: $orig_uri, but I got $req_uri. Request cannot be handled!"
}
HTTP::respond 404 "Access ForbiddenThis security violation has been logged.
"
}
}
switch -glob [string tolower [HTTP::uri]] {
"/client01*" {
Maintenance page redirect
HTTP::redirect http://www.foo.com/maintenance/maintenance.htm
}
"/sec_prod*" {
use pool eapp_clu01
}
"/sec_stage*" {
use pool stage_clu04
}
}
}
when HTTP_RESPONSE {
HTTP::header replace Server "HaloWeb"
HTTP::header replace X-Powered-By "HaloWeb Hosting Solution"
if { [HTTP::cookie exists "JSESSIONID"] and $add_persist } {
set persist_string "[HTTP::cookie JSESSIONID]:$req_uri"
set sid [HTTP::cookie JSESSIONID]
persist add uie $sid 1920
session add uie $sid $req_uri 1920
if { $DEBUG } {
log local0.crit "Create new persistence hash: $sid, stored URI: $req_uri"
}
set add_persist 0
}
if { [HTTP::header exists "Content-Length"] } {
set content_length [HTTP::header "Content-Length"]
} else {
set content_length 1
}
set http_response_time [clock clicks -milliseconds]
log local0. "$request_log_line - [HTTP::status] - $content_length - [expr $http_response_time - $http_request_time] - pool [LB::server pool] - node [LB::server addr]:[LB::server port]"
}