Forum Discussion
Hi Rwagner,
security wise its always a good idea to use a white-list of acceptable values before passing user provided information to subsequent iRule commands. Depending on you remaining configuration you original iRule may allow the user to select a pool which was not intended...
You may check to the iRule below. It will white-list the individual [HTTP::host] values and assign a pool or perform a 301 - Permanent Redirect as needed and last but not least send a 503 - Bad Gateway response for every request with an unknown [HTTP::host] value.
After assigning the [pool], the iRule checks if the currently selected pool object has [active_members] available . If not the iRule would respond with your Maintenance-Page using a 502 - Service Unavailable response code to not hurt your Google search results and SEO ratings...
when HTTP_REQUEST {
switch -exact -- [string tolower [HTTP::host] {
"www.abc.com" {
pool "www.abc.com"
}
"www.xyz.com" {
pool "www.xyz.com"
}
"abc.com" {
HTTP::respond 301 "Location" "//www.abc.com[HTTP::uri]"
return
}
"xyz.com" {
HTTP::respond 301 "Location" "//www.abc.com[HTTP::uri]"
return
}
default {
HTTP::respond 503 content "Bad Gateway" "Content-Type" "text/plain"
return
}
}
if { [active_members [LB::server pool]] < 1 } then {
log local0.alert "ALERT-TEAM Pool \"[LB::server pool]\" is down. This mean \"[HTTP::host]\" website is down.";
HTTP::respond 502 content [ifile get App_Offline]
}
}
Cheers, Kai