13-Dec-2022 17:58
Hello, i try to send the Rest services but it get stuck on F5.
can you please let me know if the following IRULE looks ok? my URL include in the string below: /webservices/rest/test_01/testlogin
thanks a lot!
13-Dec-2022 22:13 - edited 13-Dec-2022 22:14
Hi @F5User888
all the ACCESS commands are related to the APM module of BIG-IP. See clouddocs.f5.com >> iRules >> ACCESS.
You could use a much simpler iRule
when HTTP_REQUEST {
if { [HTTP::path] eq "/my/wonderful/api" } {
pool api_pool
} else {
reject
}
}
If the request URI matches your API forward the request to the pool. Else send a RESET to the client.
KR
Daniel
14-Dec-2022 00:43
Thanks a lot Daniel!
we have 15 path need to access like below:
in your example, do we need to add anything to F5 for "pool api_pool" or this is a completed example?
also, will my IRule works even if it is not as simpler as your example? Thanks again!
14-Dec-2022 01:09
In that case I would go with a switch statement indeed. This should work.
Are you using LTM only? Or APM too? The ACCESS commands are related to APM. Unless you have APM, you cannot use them.
when HTTP_REQUEST {
switch -glob -- [string tolower [HTTP::path] {
"/url1/*" -
"/url2/*" -
"/url3/*" {
pool api_pool
}
default {
reject
}
}
}
14-Dec-2022 02:02
Thanks a lot! I think we use APM.
14-Dec-2022 04:00
In case you have APM you could use a Per-Request Policy with URL Branching.
See AskF5: Manual Chapter : Configuring URL branching for step-up authentication.
14-Dec-2022 05:15
Thanks, we already have a very complicated IRule for client cert acess from browse in place and working fine, but it is blocking anything access outside browse, so we hope this will accomplish what we need. I will get back to you shortly. Thanks again!
16-Dec-2022 15:26
Thanks a lot Daniel!
After added the IRule, the same web Services request, it works using curl from local PC, but cannot access from inside Oracle database below:
SQL> select utl_http.request('https://VIP.domain.com/test/testlogin',null, 'file:/apps/oh1/db/tech_st/11.2.0/wallet', ‘password’) from dual;
getting connection time out, do you know if whitelist the databse server IP will resolve the issues? Thanks again! very appreciate it!!
20-Dec-2022 00:40
I think it would be useful to take a tcpdump on the BIG-IP to see which device is sending the timeout.
KR
Daniel