Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

iRule to disable OneConnect for a list of source IP addresses

wlopez
Cirrocumulus
Cirrocumulus

‎19-Aug-2021 12:26 - last edited on ‎04-Jun-2023 19:20 by Fog

I'm trying to resolve an issue with a legacy application that doesn't like OneConnect.

All traffic from the legacy application originates from a know list of source IP addresses, which I'm including in an iRule Data Group called 'Legacy_App'. The current iRule is sending traffic from those source IP addresses to a specific pool called 'pool_Legacy'. The virtual server has an http profile and OneConnect profile with a /32 netmask. All other applications connecting to the virtual server are working fine. I'm only looking for a way to disable OneConnect specifically for traffic coming from the addresses in the Data Group 'Legacy_App'.

This is what the current iRule looks like:

when CLIENT_ACCEPTED {
  if {[class match [IP::client_addr] equals Legacy_App]} {
    pool pool_Legacy
  }
}

I've seen the OneConnect options for iRules:

       ONECONNECT::reuse disable

       ONECONNECT::detach disable

Will adding one of those work?

Should they be used with the CLIENT_ACCEPTED event?

Labels:
0 Kudos
3 REPLIES 3

Dario_Garrido
MVP
MVP

‎27-Aug-2021 03:08

Hello wlopez.

 

You have an example of how to use it here.

 

Regards,

Dario.

Regards,
Dario.
0 Kudos

wlopez
Cirrocumulus
Cirrocumulus
In response to Dario_Garrido

‎01-Sep-2021 16:04 - last edited on ‎04-Jun-2023 19:19 by Fog

Thanks for replying.

I had read that article but am not clear of how to use it to accomplish my goal.

I'm looking on how to take OneConnect completely out of the picture for all traffic originated from the list of IP addresses included in the "Legacy_App" iRule data group.

Will something like this accomplish that?

    when CLIENT_ACCEPTED {
      if {[class match [IP::client_addr] equals Legacy_App]} {
        ONECONNECT::reuse disable
        pool pool_Legacy
      }
    }
0 Kudos

Dario_Garrido
MVP
MVP
In response to wlopez

‎02-Sep-2021 02:26 - last edited on ‎04-Jun-2023 19:19 by Fog

Actually, "CLIENT_ACCEPTED" is not a valid event.

I would use this instead:

when HTTP_REQUEST {
  if {[class match [IP::client_addr] equals Legacy_App]} {
    ONECONNECT::reuse disable
    pool pool_Legacy
  }
}

Let me know if it works as expected.

Regards,

Dario.

Regards,
Dario.
0 Kudos
Copyright © 2023 Khoros, LLC