Forum Discussion

GBurch's avatar
GBurch
Icon for Altostratus rankAltostratus
Dec 10, 2019

SWG iRule reading session variable

We are using Secure Web Gateway as a forward proxy server. One of the iRules we have in place is passing data to another iRule via the Query String in the URL, which is causing problems.

 

I'm trying to change this so that the variables we need to send are saved in session variables instead, but have only had partial success, I was hoping someone could shed some light on where I'm going wrong.

 

The first iRule is successfully storing the data into session variables:

 

				set host [HTTP::host]
				set uri [HTTP::uri]
				if {[ACCESS::session data get session.custom.initialhost] != "$host"} {
					ACCESS::session data set session.custom.initialhost "$host"
					ACCESS::session data set session.custom.initialurl "$uri"
				}

 

But the second iRule doesn't seem to be reading the data from these variables. I changed the lines:

 

    set uri_list [split [HTTP::uri] &]
    set new_uri [join [lrange $uri_list 3 end] "/"]
    set full_redirect "[lindex $uri_list 1]://[lindex $uri_list 2]/$new_uri"
    HTTP::redirect "$full_redirect"

 

to

 

    set uri_list [split [HTTP::uri] &]
    set new_uri [join [lrange $uri_list 3 end] "/"]
    set full_redirect "[ACCESS::session data get server.network.protocol]://[ACCESS::session data get session.custom.initialhost][ACCESS::session data get session.custom.initialurl]"
    HTTP::redirect "$full_redirect"

 

but it doesn't seem to have made any difference, the second iRule is still using the variables from the Query String rather than the session variables. I had planned to tidy up the now unnecessary lines of code (i.e. to read the Query String data) after confirming the rule was working as expected.

 

To troubleshoot, I did remove the extra lines including changing the first rule to not add the values to the Query String. The second iRule just behaved as if it had been passed blank variables. I even attempted to add extra plain text to the end of the set full_redirect string, but it didn't appear, almost as if the changes to the iRule hadn't been saved.

 

Is there something wrong with my code, or is there something wrong on the F5 causing it to fail to read the variables, or to execute the old (cached?) version of the iRule instead?

 

Many thanks

devops
iRules
Secure Web Gateway
session variables
No RepliesBe the first to reply