iRule Query String Match and Redirect
I seem to be having difficulty finding too much on this and maybe it is as simple as it is, I am looking to perform a URI match with a few particular query strings and redirect to another website if the request is found. I have found a few articles indicating using a datagroup but this seems a bit excessive for the task I am looking at. Example: https://www.thedomain.com/dir1/index.html?newpath=Name1 -> https://www.newdomain.com/dir1/index.html?newpath=Name1 Is this as simple as something like: when HTTP_REQUEST { if { ( [string tolower [HTTP::host]] equals "www.thedomain.com" ) and ( [string tolower [HTTP::uri]] ends_with "Name1" ) } { HTTP::redirect "http://www.newdomain.com[HTTP::uri]" } } Will the query string after the "?" be picked up and carried over with [HTTP::uri]?
LTM Rewrite Profile for URI Translation
Anyone having success with this? I tried setting this up and cannot get it to work. My setup is a LTM VS with an APM policy applied. I created the rewrite profile from the LTM section and setup a URI/Server combination like: /SO_SO_IN --> https://backendserver.sample.com/my/new/uri/is/this I have an iRule setup for logging only and have events in to follow through the process. One of the events I have is the REWRITE_REQUEST_DONE and I never see it get triggered and the outgoing URL to the pool has the same host and uri in it. I am using this URL to get the image for the LTM/APM flow: https://devcentral.f5.com/articles/http-event-order-access-policy-manager Any thoughts for iRule logging to see if the rewrite profile is even being evaluated? I have set the APM log to debug and it looks like once it passes the ACL validation it passes straight back into the LTM. I have learned more about the F5 this week than I ever thought I would trying to figure this out and an issue with the LTM handing off to the APM when dealing with HTTP POST larger than around 64k.
Select clientssl profile based on uri pattern
Hello everyone, I need some help with this scenario. I've found similar questions and suggestions from devcentral memebers but I'm stuck and haven't been able to come up with a solution. I have an API Management solution published through a single Virtual Server in my BigIP. There are several API's present on this solution and I would like to enforce client authentication with SSL\TLS certificates, but requiring a specific certificate depending on which API they will be requesting. In other words, if I have a single VS where I if the request is to: myapidomain.com/api-companyA, then I want to request the client certificate of Company A if the request is to: myapidomain.com/api-companyB, , then I want to request the client certificate of Company B if the request is to: myapidomain.com/general-public-api, then I don't want to use client authentication, just present the server certificate I think that it all comes down to choosing a different clientssl profile based on the uri pattern, but: I can only inspect the http request after the TLS negotation has been completed using the default ssl profile of the VS I cannot use the command to change the ssl profile inside the HTTP REQUEST event I have seen some related questions where they suggest to do something like this. But they are changing the current ssl profile to request client authentication, instead of changing the ssl profile. For testing purposes, I have setup two client ssl profiles, each of them requiring client authentication but using different self signed certificates. when HTTP_REQUEST { switch -glob [HTTP::path] { "/api-companyA" { HTTP::collect SSL::session invalidate SSL::authenticate always SSL::authenticate depth 9 SSL::cert mode require SSL::renegotiate // Another post suggested using SSL::profile here to change the profile, but it is not allowed inside HTTP REQUEST } "/api-companyB" { HTTP::collect SSL::session invalidate SSL::authenticate always SSL::authenticate depth 9 SSL::cert mode require SSL::renegotiate } } } Would it be possible to use a flag variable for this? For example, start with a default value, change it within the HTTP_REQUEST event based on the URI, force an SSL\TLS renegotiation and then in a CLIENT_ACCEPTED event use the value of that variable to set the profile? I tried something like this but it seems that the CLIENT_ACCEPTED method does not fire after the SSL::renegotiate command is issued. when RULE_INIT { set ::count 0 } when CLIENT_ACCEPTED { if {$::count == 1} { SSL::profile profile_with_client_authentication_companyA } } when HTTP_REQUEST { switch -glob [HTTP::path] { "/supervielledev/public-partners/myloopbackapi" { set ::count 1 SSL::renegotiate } "/supervielledev/public-partners/myotherloopbackapi" { set ::count 2 SSL::renegotiate } } } Thanks in advance.iRule(s) using Data Group based on host and uri
So we are trying to implement single VIP (one Virtual IP) for multiple clients (websites) and would like to achieve that using iRules that has Data Group assigned. I was able to get the iRule working which has DG based on host. However I need to be able to accept certain requests based on couple of URIs as well. One of the URIs should work on port 80 and other on 85. Below is the iRule I have which works fine based on host for 443. when HTTP_REQUEST { set pool [class match -value -- [HTTP::host] equals test_url] if {$pool ne ""} { pool $pool } } How do I append or add more iRules to manage my URI based traffic? I believe iRule for port 80 URI needs to be on 80_VIP. Also we need to have http to https redirect rule for everything other than above specified URI. URIs are as below -- /XYZ.svc* -- port 80 /example/attach/ABC.svc* -- port 85 URI (string) will be same for all clients but the pool (value) is different. So how do I get the request go to the right pool based on URI as well as host in the prefix? In my tests, all requests made for different client websites are going to the first pool in the data group.iRule for load balancing to different virtual server depending on the URI path
Hi Guys, I have three Virtual Server to be configured on our LTM's which are running on the version 15.1.7. One virtual server is facing to client (let say VS-A) and contains two virtual server (let say VS-B and VS-C) that should be load balance. VS-B and VS-C need to load balance on the VS-A but the incoming traffic should be clasify use the uri /path. The conditions like this: if the uri contains /aa, /bb, /cc will be forward and load balance to VS-B and VS-VS-C. I tried to make irules like this: when HTTP_REQUEST { if { [HTTP::uri] contains "/aa,/bb,/cc" } { virtual VS_B } else { virtual VS_C } } But the results is traffic from the client always going to the VS-B, so the load balancing doesn't have running. I don't know it can be configured with the iRules or not, since I am not an expert in writing the iRules can anyone suggest me with the iRules that helps working the VIP as mentioned above. Appreciate any kind your insight. Thanks
Portion of iRule not being processed
I have combined multiple iRules into one, however the 2nd portion of the rule is not working. I have confirmed using logging that the URI is being caught, however redirection is not taking place. I believe I may not be nesting switch statements correctly. I have commented which parts of the script are working, and which section is not. Can anyone point me in the right direction? when HTTP_REQUEST { These DO work if { ([HTTP::host] equals "olddomain.com") } { switch -glob [HTTP::host] { "/" { HTTP::redirect "http://newdomain.com" } default { HTTP::redirect "http://newdomain.com[HTTP::uri]" } } } These do NOT work switch -glob [string tolower [HTTP::host]] { "oldforum.olddomain.com" { Check the URI, set to lowercase switch [string tolower [HTTP::query]] { "TID=" { HTTP::redirect "https://newforum.newdomain.com/default.aspx?g=posts&t=[URI::query [HTTP::uri] TID]" return } "FID=" { HTTP::redirect "https://newforum.newdomain.com/default.aspx?g=topics&f=[URI::query [HTTP::uri] FID]" return } "C=" { HTTP::redirect "https://newforum.newdomain.com/default.aspx?g=forum&c=[URI::query [HTTP::uri] C]" return } } } These DO work "*newdomain.com" - "*olddomain.com" { switch -glob [string tolower [HTTP::uri]] { "/someuri" { HTTP::redirect "http://newdomain.com/path-to/page.aspx" return } "/someuri2" { HTTP::redirect "http://http://newdomain.com/path-to/page.aspx" return } } } } }
