Forum Discussion

charkitp's avatar
charkitp
Icon for Nimbostratus rankNimbostratus
Sep 17, 2021

iRule for HTTP redirect with URL based to specific pool member

Hi There,

 

I am working on an iRule for redirection URLs and distribute traffic to the specific pool members. below is a requirement

 

F5 VS perform SSL offload

HTTP profile with "all" rewrite_redirect enable

F5 pool "http_pool" contain

pool member = server_1 (10.1.20.11:80)

pool member = server_2 (10.1.20.12:80)

 

Redirect URLs

  1. From https://abc.com/map1/abc/services TO https://abc.com/land/abc/services then send this traffic to pool member "server_1:80"
  2. From https://abc.com/map2/abc/services TO https://abc.com/land/abc/services then send this traffic to pool member "server_2:80"
  3. Discard traffic accessing https://abc.com/map1/admin and https://abc.com/map2/admin
  4. Discard other paths https://abc.com/*

 

My iRule so far below

 

when HTTP_REQUEST {

switch -glob [string tolower [HTTP::uri]] { 

/map1/admin* -

/map2/admin* {

drop

log "Drop direct connection via admin URI"

}

/map1* {

  pool http_pool member 10.1.20.11 80

HTTP::redirect [string map {"map1" "land"} [HTTP::uri]]

log "redirect [HTTP::uri] to [LB::server addr]"

}

/map2* {

  pool http_pool member 10.1.20.12 80

HTTP::redirect [string map {"map2" "land"} [HTTP::uri]]

log "redirect [HTTP::uri] to [LB::server addr]"

}

/land* {

  pool http_pool <<<<<<<<< with this traffic will load balancing among them rather than direct to single server

}

default {

drop

log "Disallow [HTTP::uri]"

  }

  }

}

 

It is partial works so far. Traffic redirects to /land/ then it will hit the catch on pool configuration. This won't meet the requirement no.1/2 as the traffic need to go to the different pool member. I attempt to insert a specific cookie as part of the redirect condition, update the /land/ with a defined cookie name, and send it out to a particular node. Still not working. Would you mind shade me some light to get it works?

 

Thanks

CK

3 Replies

  • xuwen's avatar
    xuwen
    Icon for Cumulonimbus rankCumulonimbus

    you should use HTTP::uri to rewrite client's http request uri,

    iRules:

    when HTTP_REQUEST {

    switch -glob [string tolower [HTTP::uri]] { 

    "/map1/admin*" -

    "/map2/admin*" {

    drop

    log "Drop direct connection via admin URI"

    }

    "/map1/*" { 

    HTTP::uri [string map {"map1" "land"} [HTTP::uri]]

    pool http_pool member 10.1.20.11 80

    }

    "/map2/*" {

    HTTP::uri [string map {"map2" "land"} [HTTP::uri]]

      pool http_pool member 10.1.20.12 80

    }

    "/land/*" {

      pool http_pool

    }

    default {

    drop

      }

      }

    }

    • charkitp's avatar
      charkitp
      Icon for Nimbostratus rankNimbostratus

      Thanks, xuwan for your response. i'll retest the iRule and confirm the soltuion

       

      CK

  • [OT]

    have you considered using a policy instead of an irule?

    (I find them much more maintainable and even if they are less flexible they should do what you ask)