What could you do with your code in 20 Lines or Less? That's the question I ask (almost) every week for the devcentral community, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

With the onslaught of work required to get DC5 up and running it’s been a while since I’ve offered some cool iRule goodness to the community from the community.  There have been plenty of examples cruising through the forums, that’s for sure, I just haven’t had the time to comb through all of them or write them up.  Now that I can again see the light of day, allow me to share a some good ones with you.

 

Disabling SSL to one backend pool

We’ve looked at ways to selectively disable SSL before, but this example had an interesting twist that I thought was…well…interesting.  The idea here is to selectively disable SSL only on the back end of the connection, not the entire thing.  The client should always be encrypted but the server can, in some cases, be plain-text to try and cut down on overhead.  Cool idea, and here’s a look at how to make it work, according to a good example by user Alok.

when HTTP_REQUEST {
  set my_uri [string tolower [HTTP::uri]]
  if { $my_uri starts_with "/secure" } {
    pool ssl__pool
  } else {
    SSL::disable serverside
  pool static_pool
  }
}

 

Hash persistence based on true-client IP

Here’s a user that’s trying to work around a limitation in the content distribution service they’re using.  They want to use an iRule to perform hash based persistence based on a header supplied giving the client’s IP address.  Hoolio, as is often the case, springs into action and whips up a nifty little example making use of lindex and active_members –list that gets the job done.

# Check if the active_members command returns an entry which can be split on a space into two variables
if {[active_members app_http_pool]}{
   if {[scan [lindex [active_members –list app_http_pool] [expr {[md5 $tcip_header] % [active_members app_http_pool]}]] {%s %s} ip port] == 2}{
      # Select the pool member IP and port
      pool app_http_pool member $ip $port

      # Exit from this event in this rule
      return
   }
   # Take some default action if the pool is down or scan didn't parse the output?
}

 

Removing port numbers from redirects

If you’re looking to strip port locations from your redirects, then boy do I have the rule for you.  Well, it’s not my rule, really, but I get to share more of Aaron’s work with you, which is a regular and enjoyable part of my jobs these days, it seems.  The one man juggernaut has knocked out a quick little header replacement rule using string map and the fun HTTP::is_redirect command to get this job done. 

when HTTP_RESPONSE {
   if { [HTTP::is_redirect] } {
      if { [HTTP::header Location] contains "www.acme.com:10040" } {
         log local0. "Original Location value: [HTTP::header Location]"
         HTTP::header replace Location [string map -nocase {www.acme.com:10400 www.acme.com} [HTTP::header value Location]]
      }
   }
}
when HTTP_RESPONSE priority 501 {
   if { [HTTP::is_redirect] } {

      # Debug logging only. Remove this event once done testing
      log local0. "Updated Location value: [HTTP::header Location]"
   }
}

Check back next week for some more examples of awesome things you can do with iRules in only a few lines of code.

#Colin