Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

how to pass F5 by adding the IRULES?

F5User888
Nimbostratus
Nimbostratus

Hello, i try to send the Rest services but it get stuck on F5.

can you please let me know if the following IRULE looks ok? my URL include in the string below:  /webservices/rest/test_01/testlogin

thanks a lot!

jzhen168_0-1670982899121.png

 

8 REPLIES 8

Hi @F5User888 

all the ACCESS commands are related to the APM module of BIG-IP. See clouddocs.f5.com >> iRules >> ACCESS.
You could use a much simpler iRule

 

when HTTP_REQUEST {
    if { [HTTP::path] eq "/my/wonderful/api" } {
        pool api_pool
    } else {
        reject
    }
}

 

If the request URI matches your API forward the request to the pool. Else send a RESET to the client.

KR
Daniel

Thanks a lot Daniel!
we have 15 path need to access like below:
in your example, do we need to add anything to F5 for "pool api_pool" or this is a completed example?
also, will my IRule works even if it is not as simpler as your example? Thanks again!

 

F5User888_1-1671007360616.png

 

In that case I would go with a switch statement indeed. This should work.
Are you using LTM only? Or APM too? The ACCESS commands are related to APM. Unless you have APM, you cannot use them.

when HTTP_REQUEST {
    switch -glob -- [string tolower [HTTP::path] {
        "/url1/*" -
        "/url2/*" - 
        "/url3/*" {
            pool api_pool
        }
        default {
            reject
        }
    }
}

 

Thanks a lot! I think we use APM.

In case you have APM you could use a Per-Request Policy with URL Branching.

prp_URL_filter.png

See AskF5: Manual Chapter : Configuring URL branching for step-up authentication

Thanks, we already have a very complicated IRule for client cert acess from browse in place and working fine, but it is blocking anything access outside browse, so we hope this will accomplish what we need. I will get back to you shortly. Thanks again!

Thanks a lot Daniel!
After added the IRule, the same web Services request, it works using curl from local PC, but cannot access from inside Oracle database below:
SQL> select utl_http.request('https://VIP.domain.com/test/testlogin',null, 'file:/apps/oh1/db/tech_st/11.2.0/wallet', ‘password’) from dual;
getting connection time out, do you know if whitelist the databse server IP will resolve the issues? Thanks again! very appreciate it!!

I think it would be useful to take a tcpdump on the BIG-IP to see which device is sending the timeout.

KR
Daniel