Forum Discussion

lipos_54863's avatar
lipos_54863
Icon for Nimbostratus rankNimbostratus
Apr 16, 2010

irule not working on HTTPS

Hi,

 

 

I have a problem.

 

I need to apply this irule to both HTTP and HTTPS VS.

 

No persietence is added on the F5s.

 

It's doing it's thing on HTTP but crushing on HTTPS and showing "The connection was reset".

 

HTTPS is doing SSL offloading and both are using the same pool. Any suggestion?

 

 

timing on

 

 

when HTTP_REQUEST {

 

if { [HTTP::uri] contains "SingleSignOn"} {

 

node 89.x.x.x

 

log local0. "UNI triggered by: [HTTP::host][HTTP::uri], remote IP: [IP::remote_addr], node IP: [LB::server addr]"

 

}

 

elseif { [HTTP::uri] contains "SSO"} {

 

node 89.x.x.x

 

log local0. "UNI triggered by: [HTTP::host][HTTP::uri], remote IP: [IP::remote_addr], node IP: [LB::server addr]"

 

}

 

}

 

 

Logs for HTTP are working fine and showing in the syslog, but logs for HTTPS are not showing at all and the the connection is being reset. Any idea?

 

application delivery
dev
devops
iRules

4 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Apr 16, 2010
    Hi Lipos,

    I think you need to specify the port in the node command if LTM needs to do port translation for the HTTPS VS. Can you try this: 

    
when HTTP_REQUEST {  
   switch [HTTP::uri] {
      "SingleSignOn" -
      "SSO" {
          node 89.x.x.x 80
          log local0. "UNI triggered by: [HTTP::host][HTTP::uri], remote IP: [IP::remote_addr], node IP: [LB::server addr]"
       }
   }
}

    Aaron
  • lipos_54863's avatar
    lipos_54863
    Icon for Nimbostratus rankNimbostratus
    Apr 16, 2010
    Nice!

     

     

    All working fine.

     

    Your iRule looks better, but a question: is "-" after "SingleSignOn" is needed, or is it a typo?
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Apr 16, 2010
    The - in a switch statement means that the next case's action should be taken. It's just a way to group multiple switch cases.

     

     

     

    http://www.tcl.tk/man/tcl8.4/TclCmd/switch.htm

     

     

    If a body is specified as - it means that the body for the next pattern should also be used as the body for this pattern (if the next pattern also has a body of - then the body after that is used, and so on). This feature makes it possible to share a single body among several patterns.

     

     

     

    Aaron