Forum Discussion
JRahm (Admin), Jan 25, 2022
I'd probably rewrite the rule to look something like this (make sure to test, no guarantees):
when HTTP_REQUEST priority 500 {
    # Take the first non-empty token across all X-Forwarded-For header values
    set CHECK_IP [lindex [lsearch -all -inline -not -exact [split [HTTP::header values X-Forwarded-For] "\{\} ,"] {}] 0]

    # Tracker URIs: redirect internal users (per the XFF data group) before any pool selection
    switch -glob -- [HTTP::uri] {
        "*/app1/abc/portal/Tracker*" -
        "*/app2/cde/Tracker*" -
        "*/app3/wps/portal/CaseTracker*" {
            if { ([class match -- $CHECK_IP eq DG-INTERNAL-USERS-XFF]) } {
                if { [HTTP::uri] contains "/app2/Tracker" } {
                    HTTP::redirect "https://[HTTP::host]/new-app2/Tracker"
                    return
                } else {
                    HTTP::redirect "https://[HTTP::host]/app1/old/portal/Tracker/"
                    return
                }
            }
        }
    }

    log local0. "the X-Forwarded-For header value is $CHECK_IP"

    # Not in the internal data group: reject URIs listed in DG-URI-LIST, otherwise use the external pool
    if { !([class match -- $CHECK_IP eq DG-INTERNAL-USERS-XFF]) } {
        if { [class match -- [HTTP::uri] eq DG-URI-LIST] } {
            reject
            return
        }
        pool EXTERNAL-POOL
    } else {
        pool INTERNAL-POOL
    }
}
Some notes:
- I like to explicitly return after a redirect; there's no need for the iRule to continue processing
- I added "--" to the class and switch commands to terminate option processing
- I moved the redirects up top since that isn't furthering the connections toward your pool resources
You understand your app, so make sure this makes sense and test, test, test (and not in production.)
- ant77 (Cirrostratus), Jan 25, 2022
Thank you Jason! Your version is a much cleaner and better way of doing it...Thanks again!
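
An added example, not part of the original thread: plain Tcl (run with tclsh, outside iRules) showing which address the `CHECK_IP` expression in the rule above selects for several constructed X-Forwarded-For values, next to a selection that walks from the right and skips known proxies. The procs `leftmost_xff`, `xff_entries` and `rightmost_untrusted`, the `trusted` list and every sample address are assumptions made for illustration.

```tcl
# Same expression as the rule's CHECK_IP, with the list that
# [HTTP::header values X-Forwarded-For] would return passed in as $values.
proc leftmost_xff {values} {
    return [lindex [lsearch -all -inline -not -exact [split $values "\{\} ,"] {}] 0]
}

# Flatten every header instance into one ordered list of addresses.
proc xff_entries {values} {
    set out {}
    foreach v $values {
        foreach part [split $v ","] {
            set part [string trim $part]
            if {$part ne ""} { lappend out $part }
        }
    }
    return $out
}

# Walk right to left and return the first entry that is not one of our own
# proxies. Entries further left were not written by infrastructure we control.
proc rightmost_untrusted {values trusted} {
    set entries [xff_entries $values]
    for {set i [expr {[llength $entries] - 1}]} {$i >= 0} {incr i -1} {
        set ip [lindex $entries $i]
        if {[lsearch -exact $trusted $ip] < 0} { return $ip }
    }
    return ""
}

# Constructed: address of a proxy assumed to sit in front of the virtual server.
set trusted {10.1.1.5}

# Constructed samples; each is the list of values for one request.
set samples [list \
    [list "203.0.113.7"] \
    [list "203.0.113.7, 10.1.1.5"] \
    [list "192.168.10.20, 203.0.113.7, 10.1.1.5"] \
    [list "192.168.10.20" "203.0.113.7, 10.1.1.5"] \
    [list]]

foreach s $samples {
    puts [format "%-45s leftmost=%-15s rightmost-untrusted=%s" \
        $s [leftmost_xff $s] [rightmost_untrusted $s $trusted]]
}
```

Which selection is appropriate depends on what sits in front of the virtual server. If nothing trusted sets the header, `[IP::client_addr]` is the address the BIG-IP itself observed.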