Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

how to pass F5 by adding the IRULES?

F5User888
Nimbostratus
Nimbostratus

‎13-Dec-2022 17:58

Hello, i try to send the Rest services but it get stuck on F5.

can you please let me know if the following IRULE looks ok? my URL include in the string below:  /webservices/rest/test_01/testlogin

thanks a lot!

jzhen168_0-1670982899121.png

 

Labels:
0 Kudos
8 REPLIES 8

Daniel_Wolf
Nacreous
Nacreous

‎13-Dec-2022 22:13 - edited ‎13-Dec-2022 22:14

Hi @F5User888 

all the ACCESS commands are related to the APM module of BIG-IP. See clouddocs.f5.com >> iRules >> ACCESS.
You could use a much simpler iRule

 

when HTTP_REQUEST {
    if { [HTTP::path] eq "/my/wonderful/api" } {
        pool api_pool
    } else {
        reject
    }
}

 

If the request URI matches your API forward the request to the pool. Else send a RESET to the client.

KR
Daniel

0 Kudos

F5User888
Nimbostratus
Nimbostratus
In response to Daniel_Wolf

‎14-Dec-2022 00:43

Thanks a lot Daniel!
we have 15 path need to access like below:
in your example, do we need to add anything to F5 for "pool api_pool" or this is a completed example?
also, will my IRule works even if it is not as simpler as your example? Thanks again!

 

F5User888_1-1671007360616.png

 

0 Kudos

Daniel_Wolf
Nacreous
Nacreous
In response to F5User888

‎14-Dec-2022 01:09

In that case I would go with a switch statement indeed. This should work.
Are you using LTM only? Or APM too? The ACCESS commands are related to APM. Unless you have APM, you cannot use them.

when HTTP_REQUEST {
    switch -glob -- [string tolower [HTTP::path] {
        "/url1/*" -
        "/url2/*" - 
        "/url3/*" {
            pool api_pool
        }
        default {
            reject
        }
    }
}

 

0 Kudos

F5User888
Nimbostratus
Nimbostratus
In response to Daniel_Wolf

‎14-Dec-2022 02:02

Thanks a lot! I think we use APM.

0 Kudos

Daniel_Wolf
Nacreous
Nacreous
In response to F5User888

‎14-Dec-2022 04:00

In case you have APM you could use a Per-Request Policy with URL Branching.

prp_URL_filter.png

See AskF5: Manual Chapter : Configuring URL branching for step-up authentication

0 Kudos

F5User888
Nimbostratus
Nimbostratus
In response to Daniel_Wolf

‎14-Dec-2022 05:15

Thanks, we already have a very complicated IRule for client cert acess from browse in place and working fine, but it is blocking anything access outside browse, so we hope this will accomplish what we need. I will get back to you shortly. Thanks again!

0 Kudos

F5User888
Nimbostratus
Nimbostratus
In response to F5User888

‎16-Dec-2022 15:26

Thanks a lot Daniel!
After added the IRule, the same web Services request, it works using curl from local PC, but cannot access from inside Oracle database below:
SQL> select utl_http.request('https://VIP.domain.com/test/testlogin',null, 'file:/apps/oh1/db/tech_st/11.2.0/wallet', ‘password’) from dual;
getting connection time out, do you know if whitelist the databse server IP will resolve the issues? Thanks again! very appreciate it!!

0 Kudos

Daniel_Wolf
Nacreous
Nacreous
In response to F5User888

‎20-Dec-2022 00:40

I think it would be useful to take a tcpdump on the BIG-IP to see which device is sending the timeout.

KR
Daniel

0 Kudos
Copyright © 2023 Khoros, LLC