Periodic iCall script to auto-generate NodeIP-to-NodeName datagroup
Problem this snippet solves: Hi Folks, the iCall script and handler below can be used to auto-generate a NodeIP-to-NodeName datagroup on scheduled intervals. The auto-generate datagroup can then be used to resolve the [LB::server addr] output to the coresponsing node name label using the [class match -value] syntax. Cheers, Kai How to use this snippet: Tweak the periodic intervals (in seconds) of the iCall handler as needed. Import the provided iCall script and handler using the tmsh load config merge from-terminal syntax Take a look to the configured data-groups and LTM logfiles to verify the results. Use [class match -value [LB::server addr] DG_IP_2_NODENAME] within an iRule to resolve the name of a selected pool member. Code : sys icall script DataGroup_NodeIP_to_NodeName { app-service none definition { set nodelist "" set nodecounter 0 # tmsh::log "iCall: Starting to enumerate existing node objects..." foreach partition [tmsh::get_config auth partition] { set partition "/[tmsh::get_name $partition]" # tmsh::log "iCall: Processing Partition: $partition" tmsh::cd $partition set nodes [tmsh::get_config /ltm node] foreach node $nodes { # tmsh::log "Processing Node : $partition/[tmsh::get_name $node]" append nodelist "\"[tmsh::get_field_value $node "address"]\" \{ data \"[tmsh::get_name $node]\" \}\n" incr nodecounter } # tmsh::log "Finished Partition: $partition" } tmsh::cd "/Common" if { not ([tmsh::list /ltm data-group] contains "ltm data-group internal DG_IP_2_NODENAME") } then { tmsh::log "iCall: Created the data-group \"DG_IP_2_NODENAME\"." tmsh::create /ltm data-group internal "DG_IP_2_NODENAME" type "string" } else { # tmsh::log "iCall: The DataGroup does exist." } eval "tmsh::modify /ltm data-group internal DG_IP_2_NODENAME \{ records replace-all-with \{ $nodelist \} \}" tmsh::log "iCall: Updated the data-group DG_IP_2_NODENAME with \"$nodecounter\" entries." } description none events none } sys icall handler periodic DataGroup_NodeIP_to_NodeName { first-occurrence 2016-09-12:00:00:00 interval 60 script DataGroup_NodeIP_to_NodeName } Tested this on version: 12.0694Views0likes1CommentList single record from data-group on CLI
I'm trying to query the data of a particular record within a data-group via the command line. However when I pass in the record name it still returns all records. user1@LTM1:Active:Changes Pending] ~ # tmsh list ltm data-group internal ants_test_dg records { record_one } ltm data-group internal ants_test_dg { records { record_one { data value_one } record_three { data value_three } record_two { data value_two } } } I'm sure there must be a simple thing I'm missing here, could someone please advise? Many thanks Ant285Views0likes2CommentsPrint string found in Data Group to Log
I have an iRule that is looking in the HTTP POST request method data payload for a string that is defined in a data-group. I would like to print to the log whichever string from the referenced data-group is found. # See https://devcentral.f5.com/s/question/0D51T00006i7hpJSAQ/irule-to-block-requests-with-specific-word # #ltm data-group internal restricted_dg { #records { #restricted {} #} #type string #} when HTTP_REQUEST_DATA { set payload [HTTP::payload] if {[class match [string tolower $payload] contains "restricted_dg"]} { # set variable named restricted_text to the string found in $payload # that matches something in data-group restricted_dg log local0. "Rejecting restricted content $restricted_text" reject } }498Views1like2CommentsControlling Bots
Problem this snippet solves: Webbots, you can't live with them, you can't live without them... This iRule determines if a webbot is accessing your systems and assigns them to a lower priority resource. The first example includes the bot list inside the rule and uses the switch statement to find a match. Code : when HTTP_REQUEST { switch -glob [string tolower [HTTP::header User-Agent]] { "*scooter*" - "*slurp*" - "*msnbot*" - "*fast-*" - "*teoma*" - "*googlebot*" { # Send bots to the bot pool pool slow_webbot_pool } default { # Send all other requests to a default pool pool default_pool } } } ### or if you prefer data groups ### ---- String Class ---- class bots { "scooter" "slurp" "msnbot" "fast-" "teoma" "googlebot" } ---- iRule ---- when HTTP_REQUEST { if { [matchclass [string tolower [HTTP::header User-Agent]] contains $::bots] } { pool slow_webbot_pool } else { pool default_pool } } Tested this on version: 10.0589Views0likes1CommentAlerts for data-group changes
I'd like to receive alerts when members of a data group are added or removed. Is there anyway to get some type of notification sent to an endpoint when one of these actions occurs? I'm using the events notification and subscription components of iControl for network changes like virtual server enables/disables but unfortunately data-group/class membership changes don't trigger an event to be sent to my endpoint.154Views0likes0CommentsData Group String Wildcard?
We just upgraded a pair of 8900's from v10.2.1 with v11.4.1 HF3 and noticed our data-group string list became unusable. We have been unable to edit or add any entry in the data-group after the upgrade. We called support and they advised us to use an External Data Group list and that isn't working at all. We've finally figured out a way to utilize the String/Value datagroup by simply adding an entry in both the String and Value section. For example, we added www.abc.com with the same syntax string in both areas "String" and "Value" and it works! Unfortunately now, we ran into another issue which we are not able to use wildcard values? For example, we get an error when we use a syntax with variable like "*" like *.abc.com. We were able to use this value before the upgrade, did something change in the new version 11.x? Please advise?729Views0likes2CommentsVariable Length URI Lookup
Problem this snippet solves: This iRule uses findclass to perform class lookup for URI's of varying path length, returning the value for the longest path matched. This example uses the lookup value for pool selection, but of course could be modified to send a redirect perform some other appropriate action. This rule should only be used on v9. If using v10 or v11, it's recommended to use "class match" instead of findclass. Code : when HTTP_REQUEST { set lookup [HTTP::path] set i 1 while { $i > 0 }{ set myPool [findclass $lookup $::myPools " "] if {$myPool != ""}{ pool $myPool # log local0. "Path: [HTTP::path] Pool: $myPool" break } else { set i [string last "/" [string range $lookup 0 [expr [string length $lookup]-2]]] set lookup [string range $lookup 0 $i] } } } ### Required Class: ### # (Note all paths are represented twice, once with a trailing slash and once without. # That format is critical for proper functioning of the iRule above if legal URI's for which # the match must succeed may be submitted without the trailing slash.) class myPools { "/this pool6" "/this/ pool6" "/this/is pool5" "/this/is/ pool5" "/this/is/my pool4" "/this/is/my/ pool4" "/this/is/my/path pool3" "/this/is/my/path/ pool3" "/this/is/my/path/ok pool2" "/this/is/my/path/ok/ pool2" "/this/is/my/path/ok/file.html pool1" } Tested this on version: 9.0413Views0likes1Comment