20 Lines or Less #80

What could you do with your code in 20 Lines or Less?

That's the question we like to ask from, for, and of (feel free to insert your favorite preposition here) the DevCentral community, and every time we do, we go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head. Thus was born the 20LoL (20 Lines or Less) series many moons ago. Over the years we've highlighted hundreds of iRules examples, all of which do downright cool things in less than 21 lines of code.

Restricting Access to VIP

Restrict users from browsing directly to VIP

BIG-IP is built to deliver traffic. Yes, it's a default deny device, but once you configure a vip, traffic that matches will flow until you set a policy to restrict it. John asked if it was possible to make sure requests to a certain vip are targeting the fqdn, not the IP. This is a simple problem that has several solutions, two of which are detailed in the post above and are actually just a few lines each. Rather than share those here, I thought I'd point out a third solution that doesn't require iRules at all, and is still 20 lines or less! (Ok, busted. It's 24 lines or less. But the real good squishy stuff, the RULES, are 20 lines or less, so let's all play nicely here and pretend the rules don't matter.) This LTM policy aligns with Hamish's iRules solution: it checks whether the specified fqdn is present in the host header and resets the connection if not.

 

ltm policy http.redirects {
    controls { forwarding }
    requires { http }
    rules {
        require_fqdn {
            actions {
                0 {
                    forward
                    reset
                }
            }
            conditions {
                0 {
                    http-host
                    host
                    not
                    values { my.domain.com }
                }
            }
            ordinal 1
        }
    }
    strategy all-match
}

 

Select ASM Policy by Charset?

iRule for selecting ASM policy

There currently isn't an iRule solution on this thread, but member MiLK_MaN suggested a vip-targeting-vip solution where the analysis could be done on the front vip and the traffic direction done in the iRule to select a variety of back end vips. Continuing the theme of policies, however, I can get the details of one of these charsets handled in less than 20 lines as well. Based on the presence of the request header Accept-Charset, the ASM policy will be selected to match the charset. Note you will also need a default case specified. The full policy is posted in the thread linked above.

 

        win1252 {
            actions {
                0 {
                    asm
                    enable
                    policy /Common/asm_win1252_policy
                }
            }
            conditions {
                0 {
                    http-header
                    name Accept-Charset
                    values { Windows-1252 }
                }
            }
            ordinal 1
        }
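
The default case mentioned above, as an added example (not the policy from the linked thread): the win1252 rule from this page sits beside a catch-all rule so that requests without a matching Accept-Charset header still get an ASM policy. The policy name asm_by_charset, the ASM policy /Common/asm_default_policy and the first-match strategy are assumptions.

```tmsh
# Added example, not the policy posted in the thread.
# Assumed names: asm_by_charset, /Common/asm_default_policy.
# win1252 is the rule shown on this page; default has no conditions,
# so it matches any request that reaches it.
# With strategy first-match, rules are tried in ordinal order and only
# the first matching rule's actions run.
ltm policy asm_by_charset {
    controls { asm }
    requires { http }
    rules {
        win1252 {
            actions {
                0 {
                    asm
                    enable
                    policy /Common/asm_win1252_policy
                }
            }
            conditions {
                0 {
                    http-header
                    name Accept-Charset
                    values { Windows-1252 }
                }
            }
            ordinal 1
        }
        default {
            actions {
                0 {
                    asm
                    enable
                    policy /Common/asm_default_policy
                }
            }
            ordinal 2
        }
    }
    strategy first-match
}
```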

 

Adding a Port to the Host Header

How to redirect from port to another port and to hide the port from the url of client side?

And the award for wordiest title in a question goes to... Mahmoud! I kid, I kid. Buried in the obscure title is a slick one-liner header replacement (complete with two lines of event wrapper). Please note that the HTTP::host command includes the port in its return value when the request uses a non-standard port. So if you request http://my.domain.com:9000, the host header would have a value of my.domain.com:9000, but if you request standard http/https, the port is not included.

 

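when HTTP_REQUEST {
    # Append :9000 to the Host header. Assumes the client sent no port of its
    # own; a Host of my.domain.com:9000 would become my.domain.com:9000:9000.
    HTTP::header replace Host "[HTTP::host]:9000"
}
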
Published Sep 15, 2014
Version 1.0
