persist
3 TopicsConvert HTTP iRule to TCP
We have a client/server application that uses a private written client that connects to a server through the LTM. The client app is installed on the users local workstation and then is used to connect to a virtual server on our LTM. The client sends the initial connection request as a malformed header which contains a session id that is then used for persistence. The current iRule we are using contains HTTP commands, so a HTTP profile is required on the virtual server. But, since this not a true HTTP application, we have some issues when using the HTTP profile. So, I am trying to convert the existing iRule from using the HTTP commands and try and use the TCP payload to get the session id. I am an amateur iRule creator, so I was hoping to get some help and to even see if this is possible. The current iRule is listed below. I want to achieve the same result but with using the TCP payload. That way the HTTP profile will not be needed. Current iRule when RULE_INIT { #Sets logging level (0 = no logging 1 = logging) set ::debug 0 #Sets persistence timeout in seconds set ::timeout 900 } when HTTP_REQUEST { #Checks if Content-Session header exists if { [HTTP::header exists "Content-Session"] }{ #Grab Content-Session header value set sessionid [HTTP::header "Content-Session"] if {$::debug}{ log local0. "Content-Session value for [IP::client_addr] is: $sessionid"} #Persist connection based on Content-Session value catch { persist uie $sessionid $::timeout } } } when HTTP_RESPONSE { #Checks for Content-Session header if { [HTTP::header exists "Content-Session"] }{ #Grap Content-Session header value set sessionid [HTTP::header "Content-Session"] if {$::debug}{ log local0. "Content-Session value for [IP::remote_addr] is: $sessionid"} #Setup Persistence record catch { persist add uie $sessionid $::timeout } } }541Views0likes2CommentsPersistence: HTTP 200 OK to client hangs when server sends HTTP responses with Transfer-Encoding: chunked
All my problems come because I need an irule to persist sessions based on an specific field that goes through inside an HTTP packet. First the client need to do a Login and with the response we persist the session_id. HTTP POST HTTP 200 OK (session_id) HTTP GET (session_id) With the following irule i'm able to do that if the response comes with the header content-length. The problem is that we discovered that if the 200 OK from Login comes with Transfer-Encoding: chunked the 200 OK is received by F5 but the 200 OK that has to be sent to the client not. Bigip persists the connection but the connection between bigip and the client hangs and we are not sending the 200 OK to the client till the client closes the connection (tcp), after 60 seconds we saw the FIN,ACK and then the bigip sends the 200 OK to the client. 😞 when HTTP_REQUEST { log local0. "HTTP_REQUEST" if {[HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048576}{ set content_length [HTTP::header "Content-Length"] } else { set content_length 1048576 } if { $content_length > 0} { HTTP::collect $content_length } } when HTTP_REQUEST_DATA { set SessionId [findstr [HTTP::payload] "SessionId>" 10 "<"] if { not ([string length $SessionId] == 0) } { log local0. "Persist in HTTP_REQUEST_DATA for not login operations $SessionId" persist uie $SessionId 300 } } when HTTP_RESPONSE { if {[HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] <= 1048577}{ set content_length [HTTP::header "Content-Length"] } else { set content_length 1048577 } if { $content_length > 0} { HTTP::collect $content_length } } when HTTP_RESPONSE_DATA { set SessionId [findstr [HTTP::payload] "sessionId>" 10 "<"] if {[HTTP::payload] contains "Login"} { log local0. "Persist in HTTP_RESPONSE_DATA for login $SessionId" catch { persist add uie $SessionId 300 } } } ` This is the configuration of the rest of the elements. `ltm virtual /Common/VS_TEST { destination /Common/10.105.108.5:8998 ip-protocol tcp mask 255.255.255.255 persist { /Common/sessionid_profile { default yes } } pool /Common/OPCO1_INT_PROV_AGENT_Pool profiles { /Common/http { } /Common/oneconnect { } /Common/tcp { } } source 0.0.0.0/0 source-address-translation { type automap } translate-address enabled translate-port enabled } I tried also changing the http profile, but it didn't solve my problem. Best Regards and Thanks in advance. Victor Jori399Views0likes1CommentCreating iRule for Persistence Profile
Dear Community, Could you assist me in creating an iRule for a Persistence Profile requirement related to an SSO application? When users access our application via desktop, they are presented with a QR code for scanning through a mobile app to authenticate and gain access. The issue arises when, after browsing the website from the desktop (with the session routed to one node via F5 LTM), another request from the mobile app after scanning the QR code is routed to a different node. Ideally, both requests should be directed to the same node. To resolve this, the iRule needs to compare the var topic parameter with the QR_AUTHENTICATION_CHANNEL_ID from the mobile request and ensure both are directed to the same node attached is the screenshot of the code and HTML code of the website /*<![CDATA[*/ var endpoint = "\/qr-websocket"; var topic = "80f95f6f-cecf-4ab6-a70b-1196194e4baa"; var prefix = "\/qrtopic"; var stompClient = null; $(function () { var socket = new SockJS(endpoint); stompClient = Stomp.over(socket); stompClient.connect({}, function (frame) { stompClient.subscribe(prefix + '/' + topic + '/verify', function (result) { console.log(result.body); let body = JSON.parse(result.body); if (body.error) { $("#qrerror").show(); } else if (body.success) { stompClient.disconnect(); $("#qrerror").hide(); $("#qrform #token").val(body.token); $("#qrform #deviceId").val(body.deviceId); $("#qrform").submit(); } }); }); }); /*]]>*/ Regards Omran Mohamed53Views0likes1Comment