Forum Discussion

TMaCEvans_92750's avatar
TMaCEvans_92750
Icon for Nimbostratus rankNimbostratus
Dec 09, 2010

redirect non http traffic

I have a vip that is taking in traffic from our website this website uses http traffic of 80 and 443 but also accepts a protocol referred to as WS (Web Socket) also coming in over port 80 I have a Irule setup on this vip which has commands in that require the VIP to have a http profile attached but this WS protocol doesn’t seem to like this. is there a way to only assign the http profile to the http traffic and redirect the WS traffic off to another pool?

 

application delivery
dev
devops
iRules

5 Replies

Sort By
  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Dec 09, 2010
    The challenge would be determining what HTTP traffic is, without having an HTTP profile. :-P
  • TMaCEvans_92750's avatar
    TMaCEvans_92750
    Icon for Nimbostratus rankNimbostratus
    Dec 09, 2010
    the url for the http trafic starts http://

     

    url for the non http trafic starts ws://

     

     

  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Dec 09, 2010
    Posted By TMaCEvans on 12/09/2010 06:59 AM

     

    the url for the http trafic starts http://

     

    url for the non http trafic starts ws://

     

     

     

    But to look at the URL, you need an HTTP profile. In this case, WS is the protocol...if it wasn't running over port 80, you could obviously do another VIP.

     

     

    I'll search for a solution but an not optimistic. Perhaps someone else will come along with an idea.

     

  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Dec 09, 2010
    URI protocol seems like it'd be an option, but again, I'm fairly certain it requires an HTTP Profile to actually investigate the URI.

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/URI__protocol.html
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Dec 09, 2010
    Assuming the HTTP profile only breaks the WS traffic when the payload is sent, you could try disabling the HTTP profile with HTTP::disable if you see a URI::protocol value of ws://. It would be tricky to re-enable the HTTP profile if clients (or intermediate proxies) can use http:// or https:// with ws:// on the same TCP connection.

    Can you try something like this? 

    
when HTTP_REQUEST {

   log local0. "[IP::client_addr]:[TCP::client_port]: [HTTP::method] request to [HTTP::host], [HTTP::uri]"
   if {[string tolower [URI::protocol [HTTP::uri]]] eq "ws"}{

      log local0. "[IP::client_addr]:[TCP::client_port]: Disabling HTTP filter for [URI::protocol [HTTP::uri]]"
      HTTP::disable
   }
}

    Aaron