iRule to show banner while application maintenace
Dear Experts, Hope you are good, I am looking for an irule to display a banner while accessing the website by the user. Something like "website is under maintenance" I hope someone already used this before. Could you please share that irule. Thanks Adeel57Views0likes2CommentsHTTP Response from ILXPlugin
Hi DevCentral community! I am currently trying to develop an iRule ILXPlugin, which checks a client HTTP request for certain properties. If some condiditions don't match I would like to send an HTTP response error message from the ILXPlugin to the client (without further forwarding to the backend). If everything is valid I want to forward it to the respective backend pool member. Unfortunately, the ILXTransaction does not provide any real examples (other than the description) on how to use the methods respond and replaceBody to achieve this use case. You can find my current code below, whereas I am trying to send a response with a custom html body and HTTP status code 404: 'use strict'; var f5 = require('f5-nodejs'); var plugin = new f5.ILXPlugin(); var options = new f5.ILXPluginOptions(); options.handleServerData = false; options.handleServerResponse = false; options.handleClientData = false; options.handleClientOpen = true; plugin.on('initialized', function () { console.log('INITIALIZED'); }); plugin.on('connect', function(flow) { var tmmID = flow.tmmId(); var clientSourceAddress = flow.client.remoteAddress; flow.client.on('requestComplete', function(request) { var destinationHost = request.params.headers.host; var requestMethod = request.params.method; // Example if(requestMethod === 'POST') { request.replaceBody(); request.respond(); // Send response with body: 'ERROR RESPONSE!' and Status Code '404' flow.client.end(); } var options = new f5.ILXLbOptions(); options.pool = '/Common/api_pool'; flow.lbSelect(options); flow.client.allow(); request.complete(); }); flow.client.on('error', function(errorText) { console.error('client error event: ' + errorText); }); flow.server.on('error', function(errorText) { console.error('server error event: ' + errorText); }); flow.on('error', function(errorText) { console.error('flow error event: ' + errorText); }); }); plugin.start(options); I would appreciate any suggestions. Thank you in advance.406Views0likes4Commentsirule for URI based redirection and to the pool..
Hi, I'm looking for a short irule that helps in two ways. URI redirection Host based pool selection I currently have two irules, I'm looking for one combined irule that serves the purpose. Host to pool selection: when HTTP_REQUEST { switch -glob [ string tolower [HTTP::host]] { "eng.page3.com" { pool page3_https_pool } "eng.devpage3.pega.com" { pool devpage3_https_pool } default { HTTP::respond 404 noserver } } URI based redirection: when HTTP_REQUEST { if {[HTTP::uri] starts_with "/ClientService/BI-Integration/"} { switch -glob [string tolower [HTTP::host]] { "eng.page3.com" {HTTP::redirect "/clientapp[HTTP::uri]"} } } } Can someone help me with a irule that gives me the combined features of both. I don't like to use two separate irules on the same VIP, so checking if there is any better option.276Views0likes1CommentHTTP::respond and header request modifications
Hey everyone. Trying to federate AWS S3 and an on premises S3 compliant storage box with iRules/iRulesLX. The calling client connecting to the BigIP will by default have the access key and secret key of the on premises S3 storage, but using the javascript aws-sdk with iRulesLX and determining that the object is in AWS S3 (HEAD request) I generate a new signature for AWS S3 and respond to iRules with that information. I use the signature with an HTTP::respond as such: HTTP::respond 302 noserver Location "$host" Authorization "$authorization" X-Amz-Date "$xamzdate" X-Amz-Content-Sha256 "$xamzcontentsha256" Problem I am seeing is that it does not appear that the HTTP::respond action with the headers is actually modifying the headers (Authorization, X-Amz-Date etc.) request during the 302. I get back a HTTP 403 with InvalidAccessKeyId: The Access Key ID you provided does not exist in our records. Looking at the client response, I see the raw request still has the Authentication string for the on premises S3 storage. Am I going about this wrong? Still new to iRules and the F5. Thanks for the help!657Views0likes6CommentsStrip HTTP Origin header based on its value before hit the ASM
Hi Everyone Our app using CORS, and it's working normally with correct origin headers: Origin: "://" [ ":" ] But also all mobile clients sending Origin header with value 'file://' this causes (Illegal cross-origin request) POST /xxx/yyy HTTP/1.1 Host: ddd:8001 Connection: keep-alive Content-Length: 2 Accept: application/json, text/plain, */* Origin: file:// i want to add iRule to Strip this header Origin: file:// before hit the ASM and allow normal Origin headers like: Origin: https://xyz.com:8080 Origin: https://xyz.com:8090384Views0likes1CommentiRulesLX: Invalid command name
I want to write an ILX solution that generates OTPs. This ILX is then called within a APM session profile and the OTP value is used throughout the authentication process. I have an irule agent in the access policy that calls an irule, who then calls ILX. ILX generates the OTP and, for now, replies back to TCL who simply outputs it in the LTM log file. Later, this will change and the script will set a session variable. However, the ILX::call throws an error: Rule /Common/otpgen_pl/otpgen <ACCESS_POLICY_AGENT_EVENT>: ILX failure: invalid command name "abc123" This is the TCL: when ACCESS_POLICY_AGENT_EVENT { set handle [ILX::init "otpgen_pl" "otpgen_ext"] if {[catch [ILX::call $handle "otpgen"] result]} { log local0.error"ILX failure: $result" return } log local0.error"OTP generated successfully: $result" } This is the node.js: var f5 = require('f5-nodejs'); var ilx = new f5.ILXServer(); ilx.addMethod('otpgen', function (req, res) { res.reply('abc123'); }); ilx.listen(); I don't get the error message, how is the return string an "invalid command"?Solved778Views0likes2CommentsURL Rewrite - Closes TLS session
I need to rewrite the client request to a form that the server needs. Example: apps.svr1.oscplatform.site/rewrite/example-app-name/blah to this: example-app-name.apps.svr1.oscplatform.site/blah I have a rule working using HTTP_REQUEST event. PROBLEM: The TLS session to the client is invalidated when I change the host. So every single call has to do TLS handshake again. Is there a way to prevent host header change killing the TLS session? when HTTP_REQUEST { #log local0. "host: [HTTP::host], uri: [HTTP::uri]" switch -glob [string tolower [HTTP::host]] { "apps.svr1.oscplatform.site" - "apps.svr2.oscplatform.site" - "apps.svr3.oscplatform.site" { # Example rewrite URL: # apps.svr1.oscplatform.site/rerwite/example-app-name/blah # Result after rule: # example-app-name.apps.svr1.oscplatform.site/blah # Removed the /rewrite/ set svc_uri [substr [HTTP::uri] 9] #log local0. "svc_uri: $svc_uri" # Splits the remaining URI into service name and original URI. # systemdates-mwa/blah becomes systemdates-mwa and /blah set part_count [scan $svc_uri {%[^?/#]%s} svc uri] # If there was no original URI update it to blank. if { $part_count == 1 } { set uri "" } #log local0. "host: $svc.[HTTP::host] uri: '$uri'" # Set the new host value. HTTP::host "$svc.[HTTP::host]" # Update URI to the correct value. HTTP::uri "$uri" } } # Set the value used in the SNI extension record. # This is used in the SSL handshake to the destination server. # This is how we implement SSL Bridging with a possible URL rewrite in the middle. set sni_value [HTTP::host] } when SERVERSSL_CLIENTHELLO_SEND { #log local0. "sni_value: $sni_value" # SNI extension record as defined in RFC 3546/3.1 # # - TLS Extension Type = int16( 0 = SNI ) # - TLS Extension Length = int16( $sni_length + 5 byte ) # - SNI Record Length = int16( $sni_length + 3 byte) # - SNI Record Type = int8( 0 = HOST ) # - SNI Record Value Length = int16( $sni_length ) # - SNI Record Value = str( $sni_value ) # # Calculate the length of the SNI value, Compute the SNI Record / TLS extension fields and add the result to the SERVERSSL_CLIENTHELLO SSL::extensions insert [binary format SSScSa* 0 [expr { [set sni_length [string length $sni_value]] + 5 }] [expr { $sni_length + 3 }] 0 $sni_length $sni_value] }413Views0likes1Commentelse not working
when HTTP_REQUEST { if { [string tolower [HTTP::uri]] equals "Microsoft-Server-ActiveSync" || [string tolower [HTTP::uri]] equals "EWS" } { sent to default pool pool WB_getmail.warnerbros.com_HTTPS } else { redirect to outlook.office.com HTTP::redirect https://outlook.office.com/owa/warnerbros.com } }174Views0likes2CommentsiRule error after upgrade version (Operation not supported. Multiple redirect/respond invocations not allowed)
Hi, good afternoon. After upgrade a BIG IP OS from 10.2.4 to 11.5.1 HF10, I started to see a lot of errors in LTM log. I have many iRules in my system and many of those iRules are givin me "Operation not supported. Multiple redirect/respond invocations not allowed" errors. I have here a simple iRule like when HTTP_REQUEST { if { [string tolower [HTTP::path]] equals "/something.txt" } { HTTP::respond 200 content "User-agent: * \nDisallow: /somretyhing.pe \nAllow: /" return } } And this irule is givin the error I said. And many other are like these and is giving the operation not supported error. Please help, someone see that before? Thanks.456Views0likes12Commentsirule to divert traffic - Not Working
when HTTP_REQUEST { set referrer_host [URI::host [HTTP::header value Referer]] if { $referrer_host equals "jiratest.corp.chartercom.com"} { if { [string tolower [HTTP::uri]] contains "/rest/" } { pool JIRA-test-pool } } if { $referrer_host not equals "jiratest.corp.chartercom.com" } { if { [string tolower [HTTP::uri]] contains "/rest/" } { if { [string tolower [HTTP::uri]] equals "/login.jsp" }{ pool JIRA-test-pool } else{ pool JIRA-test-external-pool } } } pool JIRA-test-pool } Error: 01070151:3: Rule [/Common/jira-divertingtraffic] error: /Common/jira-divertingtraffic:13: error: [parse error: PARSE syntax 247 {syntax error in expression " $referrer_host not equals "jiratest.corp.chartercom.com" ": extra tokens at end of expression}][{ $referrer_host not equals "jiratest.corp.chartercom.com" }] /Common/jira-divertingtraffic:18: error: [undefined procedure: else{][else{] Someone please help me. I am new to this.351Views0likes1Comment