code share

Local traffic policies and iRules together

Problem this snippet solves:

Local traffic policies are very useful for defining URL-based redirection, virtual servers and pool assignments, host header rewriting...

But some actions can't be done with local traffic policies, so some deployments have both policies and iRules applied on the same VS.

For the HTTP_REQUEST event, policies are executed before iRules. If the policy action is an http-reply redirect, the iRule is still executed, but any HTTP change it attempts (inserting a header, modifying cookies, rewriting the URI) raises a TCL error.

This code detects this policy action, then disables the event and exits the iRule.

How to use this snippet:

Import this iRule on the appliance and enable it on the VS (to disable the iRule event), or insert the following line at the top of each iRule assigned to the VS (to exit the current iRule):

if {[POLICY::targets http-reply] } {return}

Because http-reply responds with HTTP/1.0, the TCP connection is closed after the reply and no other request will be sent to the F5, so the event can be disabled.
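
The two usages described above, side by side, as an added example (not the snippet author's iRule). The iRule names, the priority value and the header name are assumptions chosen for illustration.

```tcl
# --- iRule 1 (hypothetical name: policy_reply_guard) ---
# Attach to the virtual server alongside the LTM policy. Priority 1 is an
# assumption chosen so this handler runs before handlers at the default
# priority (500); lower values run first.
when HTTP_REQUEST priority 1 {
    if { [POLICY::targets http-reply] } {
        # The policy has already answered the client. http-reply uses
        # HTTP/1.0, so the connection closes after the reply and no other
        # request arrives on it; disabling the event for the rest of the
        # connection stops later HTTP_REQUEST handlers from running.
        event disable
        return
    }
}

# --- iRule 2 (hypothetical name: add_request_header) ---
# Per-iRule variant: the guard line exits only this iRule, so it has to be
# repeated at the top of every iRule that changes the HTTP request.
when HTTP_REQUEST {
    if { [POLICY::targets http-reply] } { return }
    # Without the guard, this change raises a TCL error once the policy
    # has sent its redirect. The header name is a placeholder.
    HTTP::header insert "X-Example-Header" "1"
}
```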

Tested on Version:
Comments on this Snippet
Comment made 28-Oct-2016 by David Klima 0

This is great! THX a lot

Comment made 07-Dec-2016 by Martin Robbins 234

We had the same issues but we are also using the 'reset' response option in the LTM policy; this caused all sorts of issues and hideous errors within events that were still trying to run in the HTTP_REQUEST event.

The 'reset' action logs as 'forward' in the POLICY::targets so it is not possible to distinguish from a pool selection.

I found a workaround, it seems to work fine on 11.6.1 and 12.1.1 but I am not sure if it will cause issues on other versions.

Adding a set-variable with any name but with the expression

tcl:[event disable all]

So in the properties I have something like:

Name          Conditions                            Actions
reset    http-uri path starts-with /reset        forward reset
                                                 tcl set-variable name iRuleDisable
                                                    expression tcl:[event disable all] 

This will cause all iRule events (usually with a reset only HTTP_REQUEST and CLIENT_CLOSED) to be switched off but if you are resetting the connection that probably makes sense anyway.

Comment made 3 weeks ago by brad 375

Can this type of 'direct tcl' using variable assignment work for other commands? Specifically, I need to assign a pool based on the hostname. The forward to pool only allows for the pools that are defined to be used.

I tried...

tcl:[pool pool_[substr [string tolower [URI::decode [HTTP::host]]] 0 \".\"]_SSL]

but it results in the logging of an error:

Execution of action 'tcl set-variable name=dummy expression=tcl:[pool pool_[substr [string tolower [URI::decode [HTTP::host]]] 0 "."]_SSL]' failed, error ERR_TCL