f5irule
11 TopicsLTM OneConnect Profile for short API http request
We have some client using API calls to our servers and they are short live request, these web servers are not browsable they just serve API. We have notice request rate is very high which i am seeing 900 TLS almost and i have notice our Web (apache) getting timeout sometime because of very high connection rate on webserver on netstat i am seeing thousands of TIME_WAIT so definitely my server running out of resources even server CPU load is 1% or 2% We are thinking to use OneConnect Profile but not sure its going to benefit us or not and how? I read about OneConnect profile but i am little confused and need some advice how we should utilize it. Question: If we use OneConnect does that means it will open only few connection to server right? We are using Auto Map SNAT so what will be impact on OneConnect Profile also we are using XFF feature to extract client IP. What if we disable HTTP 1.1 on apache webserver which will close connection faster in that case how does OneConnect profile behave? for test i have enabled oneconnect profile on our Dev LTM and send some http request from multiple but i am seeing its opening individual connect to server and not bundle them in single connection (We are using Mask 0.0.0.0) is that how openconnect works?302Views0likes2CommentsiRule to block string in header and display blocking page
I am wondering if I can create an iRule to block a request if a certain string appears anywhere in the header. For example, it would be something like... when HTTP_REQUEST { if { [HTTP::header "User-Agent"] contains "test1234" } { drop return } } Except I would not want the block to be limited to the User-Agent. I would want it to be blocked no matter where "test1234" appeared in the header. A follow-up to that would be if I can also have this iRule display the blocking page with a SupportID. I would like those testing to be able to have visual confirmation to see it worked and so they can easily share it with others.394Views0likes2CommentsiRule for blocking specific string in header & displaying blocking page
I am wondering if I can create an iRule to block a request if a certain string appears anywhere in the header. For example, it would be something like... when HTTP_REQUEST { if { [HTTP::header "User-Agent"] contains "test1234" } { drop return } } Except I would not want the block to be limited to the User-Agent. I would want it to be blocked no matter where "test1234" appeared in the header. A follow-up to that would be if I can also have this iRule display the blocking page with a SupportID. I would like those testing to be able to have visual confirmation to see it worked and so they can easily share it with others.Solved1.1KViews0likes3Commentsirule to loadbalance and for header replace
I have 2 servers a.com and b.com which needs to be load balanced through F5, and the FQDN for the service would be c.com. The hostname c.com is not configured in either of the servers a.com or b.com. When traffic hits the F5 as c.com, F5 needs to load balance the traffic by changing the HTTP::host to a.com or b.com based on the server that gets the connection. This is the iRule that I try, but unable to fetch the results: when CLIENT_ACCEPTED { Returns 1 or 2 based on IP set poolselection [expr {[crc32 [IP::client_addr]] % 2 }] if { $poolselection eq 1 } { if { [active_members A] > 0 } { set server 1 pool A } else { set server 2 pool B } } else { if { [active_members B] > 0 } { set server 2 pool B } else { set server 1 pool A } } } when HTTP_REQUEST { if { $server eq 1 } { if { [string tolower [HTTP::host]] eq "c.com" } { STREAM::disable HTTP::header remove "Accept-Encoding" HTTP::header replace "Host" "a.com" pool A } } if { $server eq 2 } { if { [string tolower [HTTP::host]] eq "c.com" } { STREAM::disable HTTP::header remove "Accept-Encoding" HTTP::header replace "Host" "b.com" pool B } } } when HTTP_RESPONSE { Check if response type is text if {[HTTP::header value Content-Type] contains "text" } { Replace URL STREAM::expression {@a.com@c.com@@b.com@c.com@} Enable the stream filter for this response only STREAM::enable } } What am I missing?244Views0likes1CommentIrule to resolve pool members dns names over the Internet.
Hi Guys How to create an Irule, which resolves the pool members dns ip's? without specifically inputting the specific dns entry of the pool members? In a nutshell, i want to create an irule, which resolves the pool members dns ip's, without mentioned their dns entries? Regards450Views0likes6CommentsMultiple port monitoring on LTM
I need help to write an iRule which helps to monitor three different service ports running on member server. I have a web-server which accept connections on port 5555 but internally this service depends on service port 8024 or 8026. F5 should monitor all these three ports but bring down node when both 8024 and 8026 stop responding. Member web server should remain UP till either of service port 8024 or 8026 responding well. Same time I want active monitoring on port 5555 which means if port 5555 stop responding, member server status should be Down irrespective status of port 8024 and port 8026. Port 5555 support https and rest two ports HTTP. Thanks, Mihir531Views0likes2CommentsUse iRule to SNAT based on Destination IP address without using a SNAT Pool.
I've seen an answer for a similar question on here, but the solution was to use a SNAT pool. Here's my situation: ServerA that needs to reach out to an external IP address. ServerA is in a SNAT pool already with two other servers. The other two servers cannot have access to this external IP address ServerA cannot be added to a second SNAT pool. So what I was hoping to do was to be able to write an iRule (or preferably apply a Local Traffic Policy) that would SNAT traffic from ServerA to a specific IP address when it is going to this particular external IP address. Any suggestions? Thanks.359Views0likes1CommentUser ID based pool selection
hi there! I am trying to write one iRule to select the pool based on user ID. For example, when the user tries to login, grab the ID of test1@example.com and send to pool1 and for other user ID test2@example.com send to pool2. Essentially, after successfully logged in have tried to save the user ID in the table. However, the issue is when test1 logs in, test2 cannot login. Not sure what I am doing wrong. Is there any limitation on table? I assumed it should be session based when used from different browsers. Any help on this will be highly appreciated. F5 version: 12.1 Cheers. Best regards Hyder306Views0likes4CommentsRedirect on multiple conditions URI & Query
Hi Guys, This is my first time at DevCentral. I need help. The requirement are when f5 see URI ( https://abc.xyz.com/shop/window.yes) and query (car=true) then redirect to url (https://abc.xyz.com/shop/door.yes?car=ture) if query car=false do nothing. means if some try https://abc.xyz.com/shop/window.yes?car=ture url should redirect to https://abc.xyz.com/shop/door.yes?car=ture here is a irule what I am using but it is not working, can someone tell me what is wrong. when HTTP_REQUEST { if { [string tolower [URI::query [HTTP::uri] "cart" ] ] equals "true" } { switch -glob [string tolower [HTTP::path]] { "/shop/window.yes*" { HTTP::redirect "[HTTP::host]/shop/door.yes?[HTTP::query]" } } } }365Views0likes3CommentsiRule Redirection
This is a redirection rule from https://xyz.co.uk to https://abc.co.uk But only 1 in 10 requests should redirect initially. Follwing is the iRule I have implemented but it gets redirected even in 20th and 23rd attempts as well . I need exactly 1 in 10 requests to be redirected. Can someone please help ? when RULE_INIT { set static::cookie_name "abc-stg" ; set static::threshold 10 ;} when HTTP_REQUEST { set cookie_value -1 if {[HTTP::cookie exists $static::cookie_name]} { set cookie_value [HTTP::cookie value $static::cookie_name] if {![regexp {^\d+$} $cookie_value]} { set cookie_value -1 } elseif {$cookie_value < 0 || $cookie_value > 99} { set cookie_value -1 } } if {$cookie_value == -1} { set cookie_value [expr {int(rand()*100)}] HTTP::cookie insert name $static::cookie_name value $cookie_value } if {$cookie_value < $static::threshold} { HTTP::redirect "; } }263Views0likes3Comments