Project Chain Links Challenge 2: Modifying a Codeshare Example
For the background and introduction to this series, click here. The TL;DR for Project Chain Links is to: Present a clear problem to solve Make sure the problem is small enough to tackle quickly Provide a solution a few days later for validation And with that, let's get on with it! Challenge #2 The background: A coworker is trying to create some basic access controls for a web application and finds a codeshare entry on DevCentral that looks like it will fit the need. The problem: The codeshare entry is quite dated, and was tested for BIG-IP version 9.4. You run BIG-IP version 14.1, so you need to research the iRule presented in the codeshare entry: Will it work as is? If it doesn't work, what are the minimal changes you will have to make? Solution: Your solution should result in a functional iRule and any other helper objects that successfully blocks access to your web app if not sourced from any of five different IP address ranges. Bonus challenge: Alter the solution to support 20 different IP address ranges, if necessary Alter the solution again to support 100 different IP address ranges, if necessary Alter the solution to only block access to the web app based on source IP if the URL begins https://www.nerdknobs.local/admin-portal/ Questions for understanding: In what situations should you analyze and potentially refactor iRules? How might you use the iRules documentation to inform your refactoring efforts? How might you use performance testing to inform your refactoring efforts?Project Chain Links: Introduction
Hey there, community! Many moons ago my good friend and colleague "THE" Colin Walker started a series of iRules challenges for our sales engineers at their new hire boot camps and then published the results here at DevCentral. Personally, I have used Project Euler for my own development or for mentoring students I've worked with. In shoring up my own python language-specific skills, I use PyBites and Python Morsels. All these are great for the busy technologist because they offer three things: A clear problem to solve A focused, bite-sized problem that can be tackled at lunch or on a break A solution to validate your efforts That brings me to the point of this new article series. The idea is to release a challenge on a frequent basis with a solution released the following week in a GitHub repo. Different from Colin’s original series? It will not be limited to iRules. It could be solution oriented, an investigation into the power of a command line tool, or any number of API-related queries. Final order of business before jumping in: why the name? Well, it’s an homage and/or an amalgamation of Project Euler, the BIG-IP hud chain, and the F5 automation toolchain. The goal here is to build the requisite skills bite by bite to connect all these chainlinks into a suite of skills at your disposal. Challenge #1 The background: DC Nerd Life, Inc has one public facing web application with an FQDN of www.nerdlife.local. This application is offloaded at their BIG-IP that has a single public IP address available to host the website and two servers serving content via the http protocol. The problem: Management has an immediate requirement to stand up a new web application with a different FQDN of www.nerdknobs.local. There is no additional IP space for you to use. How do you manage this new requirement? Solution: Your solution should result in a BIG-IP configuration consisting of two servers in a pool, the necessary profiles, and the virtual server configuration. Bonus challenge: If instead of www.nerdknobs.local, the new FQDN was my.nerdlife.local. How, if at all, might your solution look different? Questions for understanding: How does the TLS handshake make this solution possible? Before your solution is in place, what happens on the client and server side for requests to an unknown application? After your solution is in place, what happens on the client and server side for requests to the known applications? What about unknown applications? What happens for clients that don’t support the solution? Update: The solution has been published. If you haven't attempted the challenge, hold off and give it a shot!
