traffic policy
5 TopicsF5 LTM Traffic Policy - ignore action
In LTM Policy, when action set to "Ignore" - what is the outcome? Is the traffic that matches the ignore action rule, continues to the pool configured in VS and to the security Policy configured in VS. e.g AntiBot, DDOS profiles Update: Unable to publish this policy: Error: policy rule is missing an action controlling 'bot-defense'34Views0likes1CommentTraffic Policy to Split Content Between IIS Server and Cloud Provider - unexpected behavior
We are in the process of moving a website from an IIS web server farm out to a different cloud hosting provider. The root of the rewritten site will be on the cloud servers. Since not all of the old legacy applications have been rewritten, we will still be serve up some of the legacy web applications from the old IIS servers. To achieve this, we are using the following: VIP with a default pool "Cloud_Provider" . That pool contains the IP address of that provider. VIP has a Traffic Policy associated with it that has a rule of: Match all of the following conditions:HTTP URI path starts with any of: /oldapp1 at request time Do the following when the traffic is matched:Forward traffic to pool "IIS_pool" The following scenerios work as expected and correctly serve up the web content: https://HostName.com/(this successfully loads the site from the cloud provider) https://HostName.com/oldapp1(this successfully loads the legacy app from the IIS Servers) However...If we first go to https://HostName.com/oldapp1and successfully load that,then we remove "/oldapp1" from the address bar and hit Enter, it attempts to load the root of the site in IIS. Since there is no more root site (it is now living on the cloud provider as a rewritten site), it sees no content and spits out a 403 Forbidden message. What we are trying to solve is, why when running through that second scenerio, is the traffic not going through the Traffic Policy again and seeing "this request is not foroldapp1"so I will not forward the traffic... I will just use the default pool. Troublshooting steps taken so far: Tried changing the Persistence Profile on the VIP to: source_address, ssl, cookie, none. Put an index.html file at the root of the IIS web server and had it redirect to https://HostName.com. That resulted in an endless loop because it never left the IIS server to go back through the VIP. This is running on 15.1.5.1, with ASM.Solved2KViews0likes2CommentsiRule to insert header ntCoent-Length based in URI
Hello everyone, this time I ask for your help because I am trying to find the way to insert a header named ntCoent-Length which contains the total length in bytes of the content requested. I am balancing the pools based with URIs, which are contained in datagroups, so this insert just should be with certain URIs, contained in this example in the datagroup_C. I designed this iRule but when I tried to log the value it doesn't return nothing, so I am pretty sure it is not inserting the header and the value. when HTTP_REQUEST { if { [class match [HTTP::uri] starts_with "datag_A"] } { pool Pool_A } elseif { [class match [HTTP::uri] starts_with "datag_B"] } { pool Pool_B } elseif { [class match [HTTP::uri] starts_with "datag_C"] } { HTTP::collect set urimatch 1 pool Pool_C } elseif { pool Pool_default } } when HTTP_RESPONSE_DATA { if { [info exists urimatch] } { set ntCoent [HTTP::payload length] HTTP::release } } when HTTP_RESPONSE { if { [info exists urimatch] } { HTTP::header insert ntCoent-Length $ntCoent log local0. "HTTP ntCoent-Length header = [HTTP::header value "ntCoent-Length"]" } } I have tried a lot of iRules, but it seems this is closer, I also tried to do it by a Traffic Policy but I don't know how to trigger the HTTP::collect within the policy, my policy was moreless: Match the following conditions: HTTP URI PATH starts with /example at request Don the following: Insert HTTP Header named= ntCoent-Length with value [HTTP::payload length] at response time Log message The ntCoent-Lenght value is [HTTP::header value ntCoent-Length] at response time But it doesn't return any value, can you help me please or give me a hint. Thanks a lot!!!!!464Views0likes3CommentsF5 Traffic Policy - ignore action
hi All, When configuring policies in BigIP if I set a match and then leave the action to ignore what will this do? For my policy I want to drop NOT reset the packets if the http host does not contain a specific string. Does ignore mean that it will ignore the packet and drop it or ignore it and let it pass? I have looked around and can't find any documentation that provides this info. side note - I set my location as US when I signed up but now I can't change it. not a biggie but can a mod change it to UK?921Views0likes5CommentsCan an LTM traffic policy include the user's querystring in a redirect action?
Does anyone know if an LTM traffic policy (version 13.1) can include the user's original querystring in any redirect that it does? For example, my simple traffic policy has a rule that looks for this URI path: /testquery.html (there will be a dynamic, unpredictable query string also, but the match looks just at the URI path). Upon matching, the action it takes is a redirect to /testquery2.html. I want to include the same query string verbatim in the redirect destination. I've attempted to put "?[HTTP::query]" at the end of my redirect, hoping that perhaps it would take an iRule command like that, but I received an error message. Is there any other way to include this, such as a pre-populated variable or something? I know some fields in other parts of the product can take dynamic variables, even if it isn't always obvious. WHAT I AM LOOKING FOR IN AN ANSWER: I am not looking for iRule solutions that might do the same thing, so I respectfully request that you please don't post one as an answer. I know this can be done with an iRule, but to make this easy to maintain for those that come after me (who may not understand iRules), I am trying to find out if an LTM traffic policy can do this in an out of the box way, and if so how. If you can confirm that this is definitely not possible to do with the LTM traffic policy, that would be a good answer. But please make sure it's confirmed for certain, not just assumed. If there is another out of the box way to do this that I'm missing, that would also be a good answer. But other modules like ASM, APM, etc, are not licensed or provisioned, so I can't use features specific to those modules. I only have LTM to work with.Solved687Views0likes1Comment