Forum Discussion

Chris_Schaerli_'s avatar
Chris_Schaerli_
Icon for Nimbostratus rankNimbostratus
May 12, 2008

Redirect or rewrite?

Hi,

 

 

I am trying to setup something to direct traffic based on source IP. We are rolling out an application and we want to do it in phased approach.

 

 

 

This is what I had to start.

 

 

when HTTP_REQUEST {

 

if { [IP::addr [IP::remote_addr] equals 10.32.186.0/255.255.252.0] } {

 

HTTP::redirect “https://site.com/portal/site/NEW"

 

} elseif {[IP::addr [IP::remote_addr] equals 10.20.20.0/255.255.252.0] } {

 

HTTP::redirect http://site.com/portal/site/OLD

 

} elseif {[IP::addr [IP::remote_addr] equals 10.0.0.0/255.0.0.0] } {

 

HTTP::redirect "https://site.com/portal/site/OLD"

 

}

 

}

 

 

I applied this Irule to both VIPS for http://site.com and https://site.com , but I found when I my traffic was looping. I guess I can’t redirect on the same VIP that I want to direct traffic to? Do I have to use a URL instead of a redirect?

 

 

when HTTP_REQUEST {

 

if { [IP::addr [IP::remote_addr] equals 10.32.186.0/255.255.252.0] } {

 

HTTP:uri "https://site.com/portal/site/NEW"

 

}elseif {[IP::addr [IP::remote_addr] equals 10.32.186.0/255.255.252.0] } {

 

HTTP:uri "http://site.com/portal/site/OLD"

 

} elseif {[IP::addr [IP::remote_addr] equals 10.0.0.0/255.0.0.0] } {

 

HTTP::uri "https://site.com/portal/site/OLD"

 

}

 

}

 

 

Thanks,

 

 

Chris

 

application delivery
dev
devops
iRules

13 Replies

Sort By
Show More
  • Nicolas_Menant's avatar
    Nicolas_Menant
    Icon for Employee rankEmployee
    May 15, 2008
    Hi,

     

     

    I would advise not to use matches_regex since it will take more CPU. Regular expression is really CPU expensive:

     

     

     
   when HTTP_REQUEST {    
     if { [string tolower [HTTP::path]] eq "/foo/"} {    
       if {([IP::addr [IP::remote_addr] equals 10.12.126.248/255.255.255.255]) or    
       ([IP::addr [IP::remote_addr] equals 10.12.126.249/255.255.255.255]) or   
       ([IP::addr [IP::remote_addr] equals 10.12.126.250/255.255.255.255]) or   
       ([IP::addr [IP::remote_addr] equals 10.24.69.2/255.255.255.255])   
       } {    
         pool FOO.com-80    
       }    
     } elseif {[IP::addr [IP::remote_addr] equals 10.0.0.0/255.0.0.0] } {    
       HTTP::redirect "http://www.NEW.com"   
     }    
   }

     

     

    In this code [HTTP::path] will return the Path AND the object name. May it be the reason why it doesn't match? Click here

     

     

    You should try to replace the eq by contains or starts_with w(starts_with will be more efficient)

     

     

    Can you update your iRule with troubleshooting information and give us the logging (is it in /var/log/ltm)

     

     

     
   when HTTP_REQUEST {    
     log local0. "---------NEW REQUEST--------------" 
     log local0. "uri is: [HTTP::uri]" 
     log local0. "IP is: [IP::remote_addr]" 
     if { [string tolower [HTTP::uri]] starts_with "/foo/"} { 
       log local0. "Starting uri with /foo/" 
       if {([IP::addr [IP::remote_addr] equals 10.12.126.248/255.255.255.255]) or    
       ([IP::addr [IP::remote_addr] equals 10.12.126.249/255.255.255.255]) or   
       ([IP::addr [IP::remote_addr] equals 10.12.126.250/255.255.255.255]) or   
       ([IP::addr [IP::remote_addr] equals 10.24.69.2/255.255.255.255])   
       } {    
         log local0. "sending to pool FOO.com-80" 
         pool FOO.com-80    
       }    
     } elseif {[IP::addr [IP::remote_addr] equals 10.0.0.0/255.0.0.0] } { 
       log local0. "Redirecting user..."    
       HTTP::redirect "http://www.NEW.com"   
     }  else { 
        log local0. "No matched occured for this request" 
    }  
   }

     

     

    I added a last else statement for more logging information. Once it is fixed you should of course remove it

     

     

    HTH
  • Chris_Schaerli_'s avatar
    Chris_Schaerli_
    Icon for Nimbostratus rankNimbostratus
    May 15, 2008
    I tried testing with the debug statements in. I ran from my test machine(10.24.69.2) and the logs looked good.

     

    Rule HTTP-PROXY-VGN HTTP_REQUEST: ---------NEW REQUEST--------------

     

    Rule HTTP-PROXY-VGN HTTP_REQUEST: uri is: /FOO/webservice/FOO?wsdl

     

    Rule HTTP-PROXY-VGN HTTP_REQUEST: IP is: 10.24.69.2

     

    Rule HTTP-PROXY-VGN HTTP_REQUEST: Starting uri with /FOO/

     

    Rule HTTP-PROXY-VGN HTTP_REQUEST: sending to pool FOO.com-80

     

     

    When I removed my test IP from the rule I was still getting sent to the pool. One thing I did not understand is that I was still getting sent to the pool, but I never see the debug statement stating I am being sent to the pool.

     

     

    I ran this test twice.

     

     

    Rule HTTP-PROXY-FOO HTTP_REQUEST: ---------NEW REQUEST--------------

     

    Rule HTTP-PROXY-FOO HTTP_REQUEST: uri is: /FOO/webservice/FOO?wsdl

     

    Rule HTTP-PROXY-FOO HTTP_REQUEST: IP is: 10.24.69.2

     

    Rule HTTP-PROXY-FOO HTTP_REQUEST: Starting uri with /FOO/

     

    Rule HTTP-PROXY-FOO HTTP_REQUEST: ---------NEW REQUEST--------------

     

    Rule HTTP-PROXY-FOO HTTP_REQUEST: uri is: /FOO/webservice/FOO?wsdl

     

    Rule HTTP-PROXY-FOO HTTP_REQUEST: IP is: 10.24.69.2

     

    Rule HTTP-PROXY-FOO HTTP_REQUEST: Starting uri with /FOO/

     

     

  • Chris_Schaerli_'s avatar
    Chris_Schaerli_
    Icon for Nimbostratus rankNimbostratus
    May 15, 2008
    Think I have the problem figured out. It works when I have a second elseif.

     

     

    when HTTP_REQUEST {

     

    log local0. "---------NEW REQUEST--------------"

     

    log local0. "uri is: [HTTP::uri]"

     

    log local0. "IP is: [IP::remote_addr]"

     

    if { [string tolower [HTTP::path]] starts_with "/FOO" } {

     

    log local0. "Starting uri with /FOO"

     

    if {([IP::addr [IP::remote_addr] equals 10.12.126.248/255.255.255.255]) or

     

    ([IP::addr [IP::remote_addr] equals 10.12.126.249/255.255.255.255]) or

     

    ([IP::addr [IP::remote_addr] equals 10.12.126.250/255.255.255.255]) or

     

    ([IP::addr [IP::remote_addr] equals 10.32.186.0/255.255.252.0]) or

     

    ([IP::addr [IP::remote_addr] equals 10.34.186.0/255.255.252.0]) or

     

    ([IP::addr [IP::remote_addr] equals 10.24.69.2/255.255.255.255])

     

    } {

     

    log local0. "sending to pool FOO.COM"

     

    pool FOO.COM-80

     

    } elseif {[IP::addr [IP::remote_addr] equals 10.0.0.0/255.0.0.0] } {

     

    log local0. "Redirecting user..."

     

    HTTP::redirect "http://www.NEW.com"

     

    }

     

    } elseif {[IP::addr [IP::remote_addr] equals 10.0.0.0/255.0.0.0] } {

     

    log local0. "Redirecting user..."

     

    HTTP::redirect "http://www.NEW.com"

     

    } else {

     

    log local0. "No matched occured for this request"

     

    }

     

    }