What could you do with your code in 20 Lines or Less? That's the question I ask (almost) every week for the devcentral community, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

Today I bring you a few more fine examples of iRules kung fooery in a brief fashion.  These tidbits of iRuley goodness could be used by themselves, as the beginning to a bigger project or solution, or just to get the creative coding juices flowing for you to think of what you might need or want to do with iRules in your world.  To me, it’s just a great way to look at what’s being done, how people are using the technology, and what can be achieved in just a few lines of code.

 

Modifying Secure Access Manager session variables

http://devcentral.f5.com/wiki/default.aspx/iRules/Modifying_Secure_Access_Manager_v8_session_variables_with_a_cookie.html

From the CodeShare comes a very cool entry, complete with diagrams and pictures (yay pictures!), that shows us how we might use iRules in conjunction with another product. The author gives a full description in the link above, so follow that for all the details, but to quote briefly, “In this example, an external server is used to authenticate users before passing those authentication credentials over to the Secure Access Manager (SAM v8) using a cookie.” Cool stuff. The iRule is below but there’s more to this one so click on the link to check it out.

when HTTP_REQUEST {
  #Check to see if a cookie exists, otherwise no need to do anything.
  #You should probably also check to see if the session variables are already set before doing anything
  #as well, but this code is just for demonstration purposes.
  if { [HTTP::cookie exists MySAMCookie] } {
    #Log the session state - this is just for demonstration purposes
    #SAM allows you to gather the values of session variables with the SESSION::data command
    log local0. "Session ID is $tmm_fp_session_id and the status is [SESSION::data get $tmm_fp_session_id \"session.state\"]"

    #Use the SESSION command to set the userID and password
    #session variables to what was in the cookie.  The userID and password are just cookie values

    SESSION::data set $tmm_fp_session_id session.logon.last.username [HTTP::cookie MySAMUser]
    SESSION::data set $tmm_fp_session_id session.logon.last.password [HTTP::cookie MySAMpw]
  }
}

 

Replace absolute URLs in redirects

This one comes from email so there’s no link, but it’s straight-forward and well commented. The idea is a good one. If a URL is being passed through in the location header of a redirect and it’s an absolute location, change it to be relative.  Very handy.

# This will rewrite the Location header on a redirect from a absolute URL like
#
#        
http://host/images/ to /images/
# or
#         like
https://host/images/ to /images/
#
# The only case it will not handle is
http:/// which will get rewritten to "" which is invalid
#

when HTTP_RESPONSE {
  if { [HTTP::is_redirect] } {
    if { [HTTP::header "Location"] starts_with "http" } {
      HTTP::header replace "Location" [substr [HTTP::header "Location"] [string first "/" [HTTP::header "Location"] 8]]    
    }
  }        
}

 

Persisting on part of a cookie name

http://devcentral.f5.com/Default.aspx?tabid=53&forumid=5&postid=60792&view=topic

This user wanted to use cookie persistence but was looking to setup persistence for cookies that began with a certain string. This means he wanted to loop through all cookies and compare them each against a static search string. They figured out their own solution though, so kudos to them.

#HTTP responds catches the first responds from the node to back to the client.
#It checking all cookies in the header and grabs all starting with 1234.
#After it adds the cookie value to the persistence table and log values to syslog.
#Else persist the client for 60 minutes based on source IP with /32 mask and log values to syslog.

when HTTP_RESPONSE { 
  foreach a_cookie [HTTP::cookie names] {
    if {$a_cookie starts_with "1234"}{
      persist add uie [HTTP::cookie "$a_cookie"]
      log local0.debug "Cookie persist - client IP: [IP::client_addr], Cookie: $a_cookie, Server IP: [IP::server_addr]"
    } else { 
      persist source_addr 255.255.255.255 3600
      log local0.debug "Source persist - client IP: [IP::client_addr] , Server IP: [IP::server_addr], lookup [persist lookup uie [IP::client_addr]]"
    } 
  } 
}
#HTTP request catches the first responds from the node to back to the client.
#It checking all cookies in the header and grabs all starting with 1234.
#After it persist on the cookie value in the persistence table.
#Also, log values to syslog

when HTTP_REQUEST { 
  foreach a_cookie [HTTP::cookie names] {
    if {$a_cookie starts_with "1234"}{
      persist uie [HTTP::cookie "a_cookie"]
      log local0.debug "Client IP: [IP::client_addr], Cookie value: $a_cookie"
    } else { 
      persist uie [IP::client_addr]
      log local0.debug "Source IP Persistence used - Client IP: [IP::client_addr], Persistence entries used persist uie [persist lookup uie [IP::client_addr]]"
    } 
  }
}

There you have it, three more awesome iRule examples from three different sources. You’ve got to love that.  Keep those examples coming whether it’s in the forums or the CodeShare, and don’t forget you can always email me to toss out ideas, ask for things you’d like to see, discuss your favorite X-Men character, or whatever suits you.

#Colin