Forum Discussion

mbeachy_1737's avatar
mbeachy_1737
Icon for Nimbostratus rankNimbostratus
Nov 23, 2015

I need an Irule that sends initally to Auth server then any other request to secondary pool

First time poster - hope this makes sense.

 

I have two pools and one VIP in this setup.

 

Initially I need anything coming in on https://www.domain.com or any of additional directories https://www.domain.com/pages sent to an authentication server pool off the initial VIP. Once that challenge is authenticated and directed to the initial page I need to be able to hit that same root URL and or any additional directories and have them redirected to the secondary pool as opposed to the Authentication pool. My challenge is I can do one or the other, but not both. Seems like there should be a way for me to do this via an iRule.

 

I've been using variations of the following type of pool configuration - just a small portion of the initial rule.

 

when HTTP_REQUEST { set uri [string tolower [HTTP::uri]] if { $uri starts_with "/pages" } { pool } elseif { $uri starts_with "/directories" } { pool dev.pemcoagents.com_Pool2 } else { if we haven't matched any uri's, we use the default pool pool www.domain.com } }

 

application delivery
iRules

2 Replies

Sort By
  • BinaryCanary_19's avatar
    BinaryCanary_19
    Historic F5 Account
    Nov 25, 2015

    To Me, this sounds like something that the natural authentication mechanism built into your application should be handling.

     

    But if you don't have authentication in your application, we have a product that can do this: Access Policy Manager

     

    With APM, you can create a simple policy that placed in front of your application, will support most modern authentication protocols (including active directory and ldap).

     

  • mbeachy_1737's avatar
    mbeachy_1737
    Icon for Nimbostratus rankNimbostratus
    Nov 25, 2015

    Thank you - I ultimately resolved this by going a different direction. I used an iRule that if the cookie already existed would send the traffic to one pool and if did not exist would send it to the Authentication Pool. That has resolved the issue.