Hi, I am just in the process of setting our new big IP load balancers. We will be migrating our old cisco content switches over these in the next week to this. What we require is to be able to content switch our servers based on the url. ie if a user types www.mydomain.com/test1 they get redirected to one server pool if a user types www.mydomain.com/test2 they get redirected another We have setup SSL offloading and our VIP is setup we just cant work out how to do the content switch part. We are looking at creating an Iapp but having a look at the template creation we are not sure where to start. Is a iapp the way to do this and if so any help getting a template setup would be great. Thanks Matt

Try this - https://devcentral.f5.com/wiki/iRules.http__uri.ashx The sample irule should work for your use case, for example: when HTTP_REQUEST { if { [HTTP::uri] starts_with "/test1" } { pool test1_pool } elseif { [HTTP::uri] starts_with "/test2" } { pool test2_pool } }

Will this work with SSL offloading as the request will be HTTPS? Many thanks

Yes, just ensure you have a ssl client profile defined on the VIP to decrypt the data.

Great thanks for the help will give it a try. Thanks as you can tell I am complete F5 noob

Will this work with SSL offloading as the request will be HTTPS? Many thanks You'd necessarily have to offload the SSL at the F5 with a client SSL profile, so yes.

SSl Offloading Content Switching

11 Replies

MVA
Nimbostratus
Jul 01, 2014
Try this - https://devcentral.f5.com/wiki/iRules.http__uri.ashx

The sample irule should work for your use case, for example:

when HTTP_REQUEST {

if { [HTTP::uri] starts_with "/test1" } {

pool test1_pool

} elseif { [HTTP::uri] starts_with "/test2" } {

pool test2_pool

}

}
matthew_b_16251
Nimbostratus
Jul 01, 2014
Will this work with SSL offloading as the request will be HTTPS? Many thanks
MVA
Nimbostratus
Jul 01, 2014
Yes, just ensure you have a ssl client profile defined on the VIP to decrypt the data.
matthew_b_16251
Nimbostratus
Jul 01, 2014
Great thanks for the help will give it a try. Thanks as you can tell I am complete F5 noob
Kevin_Stewart
Employee
Jul 01, 2014
Will this work with SSL offloading as the request will be HTTPS? Many thanks

You'd necessarily have to offload the SSL at the F5 with a client SSL profile, so yes.
matthew_b_16251
Nimbostratus
Jul 02, 2014
Ok I have the above working with Pools, how would also add host URLs to this irule. I have two more URLS to get working which are running on servers which are already in my pools.

So if I have a node which is already in a pool that runs a forum for example so I want to redirect /forum/ to an individual server.

Many thanks Matt

Kevin_Stewart

Employee

Jul 02, 2014

At some point you may want to switch to a switch (pun intended) for an easier read. As for sending traffic to a specific node, you can use the node command directly, or a variation of the pool command if the node is a member of a pool:

when HTTP_REQUEST {
    switch -glob [string tolower [HTTP::uri]] {
        "/test1*" {
            pool pool1
        }
        "/test2*" {
            pool pool2
        }
        "/forum*" {
            pool pool1 member 10.80.0.1 80
            node 10.80.0.1 80
        }
    }
}

matthew_b_16251
Nimbostratus
Jul 03, 2014
Great thank you I have switched to the switch and it is much cleaner I have allot or URLS to switch in our environment, my testing is working well.

Thanks Matt
matthew_b_16251
Nimbostratus
Jul 04, 2014
Hi I am having problems with this now :-/. The AppOffline url works the web Forum and IRD does not. I am trying to cut over from two old cisco content switches. Also I want all other request to go to my default web pool is this possible?

when HTTP_REQUEST { switch -glob [string tolower [HTTP::uri]] { "/WebForum" { pool Main-WS-Pool member 192.168.10.211 80 } "/AppOffline" { pool IIS01-IISO2-Pool } "/IRD" { pool IIS01-IISO2-Pool } "/supplier_test_F" { pool IIS01-IISO2-Pool } "/DataCapture" { pool IIS01-IISO2-Pool } "/supplierG" { pool IIS01-IISO2-Pool } "/UAT*" { pool IIS01-IISO2-Pool member 192.168.10.11 80 }
Kevin_Stewart
Employee
Jul 04, 2014
Two things:

You're doing a [string tolower ] evaluation but the match URIs aren't lowercase. Not sure how the /AppOffline condition is working.

I would probably consider using wildcard matches for these URIs. (Ex. "/webforum*").

As for a default condition, simply use a "default" condition at the bottom of the switch.

switch x { "B" { do something } "C" { do something } default { do something } }

Forum Discussion

SSl Offloading Content Switching

11 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

"Content Switching" to non-addressable virtual server

offloading content with ifiles

Layer 7 Content Routing in F5 XC

DevCentral Content Highlights

iRule to modify a content-security-policy header