Convert HTTP iRule to TCP
We have a client/server application that uses a private written client that connects to a server through the LTM. The client app is installed on the users local workstation and then is used to connect to a virtual server on our LTM. The client sends the initial connection request as a malformed header which contains a session id that is then used for persistence. The current iRule we are using contains HTTP commands, so a HTTP profile is required on the virtual server. But, since this not a true HTTP application, we have some issues when using the HTTP profile. So, I am trying to convert the existing iRule from using the HTTP commands and try and use the TCP payload to get the session id. I am an amateur iRule creator, so I was hoping to get some help and to even see if this is possible. The current iRule is listed below. I want to achieve the same result but with using the TCP payload. That way the HTTP profile will not be needed. Current iRule when RULE_INIT { #Sets logging level (0 = no logging 1 = logging) set ::debug 0 #Sets persistence timeout in seconds set ::timeout 900 } when HTTP_REQUEST { #Checks if Content-Session header exists if { [HTTP::header exists "Content-Session"] }{ #Grab Content-Session header value set sessionid [HTTP::header "Content-Session"] if {$::debug}{ log local0. "Content-Session value for [IP::client_addr] is: $sessionid"} #Persist connection based on Content-Session value catch { persist uie $sessionid $::timeout } } } when HTTP_RESPONSE { #Checks for Content-Session header if { [HTTP::header exists "Content-Session"] }{ #Grap Content-Session header value set sessionid [HTTP::header "Content-Session"] if {$::debug}{ log local0. "Content-Session value for [IP::remote_addr] is: $sessionid"} #Setup Persistence record catch { persist add uie $sessionid $::timeout } } }
Citrix SSL GW VIp
Have a question here that may seem remedial however having challenges creating a custom VIP on a F5 where SSL is decrypted, sent in the clear to some security reverse proxy devices (if the traffic was HTTP) and for the non-http traffic (ICA) we need to send it directly to the SSL GW backend(different pool). We have this successfully working with a Netscaler(just as a LB) by attaching a content switch policy to the VIP that does: if http request then > security devices, else default pool is the SSL gw. Our challenge on F5 is that if we create a HTTP VIP we can implement a irule but the non-HTTP traffic seems to be getting dropped. If we change it to a TCP VIP then we cannot attach an irule with HTTP functions. SNIP: when CLIENT_ACCEPTED { #Sets the default pool pool pool-ctx-direct } when HTTP_REQUEST { #Changes the pool if an HTTP request is received. pool pool-rp } Thx in advance for the help.