Forum Discussion
Jan 26, 2015
Hi Adi82,
I used a new datagroup of type IP to summarize the IP whitelist clients.
tmsh list ltm data-group
ltm data-group internal datagroup_whitelist_ip {
records {
10.131.141.0/24 { }
}
type ip
}
It will be necessary to create this datagroup first before importing the following iRule:
when RULE_INIT {
application operation mode (on=1|off=0)
set static::app_operation 1
Logging/classification (on=1|off=0)
set static::app_http_debug 1
set static::app_maint_code "503"
set static::app_maint_page "Error 503Web Service Temporarily Unavailable"
set static::app_redir_code "302"
set static::app_maint_locn "http://10.131.131.100/maint.html"
set static::app_servr_strn "Webserver"
}
when HTTP_REQUEST {
evaluate client IP depending on existing header (inserted by CDN) or IP header
if {[HTTP::header exists True-Client-IP]} {
set var_true_client_ip [HTTP::header True-Client-IP]
} else {
set var_true_client_ip [IP::client_addr]
}
serve maintenance page (to serve maintenance page by virtual server)
if { [string tolower [HTTP::path]] starts_with "/maint.html" } {
if { $static::app_http_debug > 0 } {
log local0. "Operational mode <$static::app_operation>, returned 503 (service unavailable) - <[IP::client_addr]:[TCP::client_port]>"
}
HTTP::respond $static::app_maint_code content $static::app_maint_page noserver Server $static::app_servr_strn Connection close
return
}
switch depending on maintenance mode
if { $static::app_http_debug > 0 } {
log local0. "Operational mode <$static::app_operation>, request from IP <$var_true_client_ip> received <[HTTP::method] [HTTP::uri] [HTTP::version]>"
}
switch $static::app_operation {
0 {
policies to run service in maintenance mode
if { ! ([class match $var_true_client_ip equals datagroup_whitelist_ip]) } {
if { $static::app_http_debug > 0 } {
log local0. "Maintenance mode <$static::app_operation>, redirecting client to maintenance page"
}
HTTP::respond $static::app_redir_code noserver Server $static::app_servr_strn Location $static::app_maint_locn Connection Close
return
} else {
if { $static::app_http_debug > 0 } {
log local0. "Maintenance mode <$static::app_operation>, whitelist client request forwarded"
}
}
}
1 {
policies to run service in operational mode
HTTP::header insert X-Forwarded-For $var_true_client_ip
}
}
}
Please modify the value of the global static variable static::app_operation according to the current state of your application (operational=1|maintenance=0) to switch between modes.
Logging can be turned on|off same way.
Thanks, Stephan