Forum Discussion

hc_andy_35682's avatar
hc_andy_35682
Icon for Nimbostratus rankNimbostratus
May 07, 2010

VS Redirection while maintaining Source IP

Hi All,

 

 

I need help with an iRule.

 

 

We have two VIPS set up on the LTM.

 

 

1/ PROXY_VIP

 

2/ WEBMAIL_VIP

 

 

We have schools that use the PROXY_VIP for all HTTP/HTTPS connections. What I want to do is have the schools bypass the PROXY_VIP when they access http://www.webmail.com and redirect the request to WEBMAIL_VIP. I need the school's IP address to be preserved because we are using source_address persistence with the WEBMAIL_VIP to maintain sessions. Is this possible using an iRule?

 

 

Can I put this iRule on the PROXY_VIP??

 

Eg: http://www.webmail.com = IP Address A.B.C.D

 

 

when HTTP_REQUEST {

 

if { [IP::addr [IP::dest_addr] equals A.B.C.D] } {

 

virtual WEBMAIL_HTTP

 

}

 

}

 

Will this preserve the school's IP address???

 

Thanks.

 

Andy

 

 

application delivery
dev
devops
iRules

2 Replies

Sort By
  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    May 07, 2010
    You should do a Redirect based on your compare, since the Client IP Address (Schoo's IP Address) will remain the same after the redirect.

    After the redirect they will persist to the Webmail Virtual Server using the settings applied to that Virtual Server. 

    
when HTTP_REQUEST {
 IP::client_addr explained at http://devcentral.f5.com/Wiki/default.aspx/iRules.IP__client_addr
if { [IP::addr [IP::client_addr] equals xxx.xxx.xxx.xxx] } {
HTTP::redirect "https://webmail.domain.com"
}
}

    If you decide to do some type of validation on the Webmail VIP, based on the Client IP Address coming from a specific set of Subnets, you can base that iRule on this one an modifiy the compare. See this as a reference:

    http://devcentral.f5.com/Wiki/default.aspx/iRules.IP__addr
  • hc_andy_35682's avatar
    hc_andy_35682
    Icon for Nimbostratus rankNimbostratus
    May 10, 2010
    Another question and I'm not sure if this is possible, but can the LTM intercept/process the request from the school before it hits the PROXY_VIP and look at the header to see if it matches http://www.webmail.com and redirect it to the WEBMAIL_VIP - or does the connection first have to hit the PROXY_VIP where the irule HTTP redirection will be actioned???

     

     

    Thanks.

     

     

    Andy