cancel
Showing results for 
Search instead for 
Did you mean: 

iRule to disable OneConnect for a list of source IP addresses

wlopez
Cirrostratus
Cirrostratus

I'm trying to resolve an issue with a legacy application that doesn't like OneConnect.

All traffic from the legacy application originates from a know list of source IP addresses, which I'm including in an iRule Data Group called 'Legacy_App'. The current iRule is sending traffic from those source IP addresses to a specific pool called 'pool_Legacy'. The virtual server has an http profile and OneConnect profile with a /32 netmask. All other applications connecting to the virtual server are working fine. I'm only looking for a way to disable OneConnect specifically for traffic coming from the addresses in the Data Group 'Legacy_App'.

 

This is what the current iRule looks like:

when CLIENT_ACCEPTED { if {[class match [IP::client_addr] equals Legacy_App]} { pool pool_Legacy } }

I've seen the OneConnect options for iRules:

       ONECONNECT::reuse disable

       ONECONNECT::detach disable

 

Will adding one of those work?

Should they be used with the CLIENT_ACCEPTED event?

3 REPLIES 3

Hello wlopez.

 

You have an example of how to use it here.

 

Regards,

Dario.

Regards,
Dario.

Thanks for replying.

I had read that article but am not clear of how to use it to accomplish my goal.

I'm looking on how to take OneConnect completely out of the picture for all traffic originated from the list of IP addresses included in the "Legacy_App" iRule data group.

 

Will something like this accomplish that?

when CLIENT_ACCEPTED { if {[class match [IP::client_addr] equals Legacy_App]} { ONECONNECT::reuse disable pool pool_Legacy } }

 

Actually, "CLIENT_ACCEPTED" is not a valid event.

 

I would use this instead:

when HTTP_REQUEST { if {[class match [IP::client_addr] equals Legacy_App]} { ONECONNECT::reuse disable pool pool_Legacy } }

Let me know if it works as expected.

 

Regards,

Dario.

Regards,
Dario.