Forum Discussion

Wim_113532's avatar
Wim_113532
Icon for Nimbostratus rankNimbostratus
Dec 17, 2010

ProxyPassv10 irule in combination with ASM

Hi all,

 

 

We have an application for which we created a VIP on BIG-IP. All content sent to the VIP is sent to let's say POOL1, except for all content starting with /example which is sent to POOL2. We also have ASM enabled for this traffic. (Currently we use two different HTTP Classes and 2 policies, but that is no requirement - we can change this to one HTTP Class if needed).

 

 

The problem is that for the traffic starting with /example, we need to do rewriting of the host header and the path. The host header is no problem, but the path is a challenge. The webservers of POOL2 have their content hosted under /, and not under /example. So we need to rewrite /example to / for traffic to POOL2.

 

 

We first tried with a simple iRule just to remove /example from the request URL, but it turns out we need to do some response body rewriting as well.

 

 

Enter the ProxyPass iRule, which seems to work, as long as we don't enable ASM. The problem seems to be in the POOL selection. If we have the HTTP Class assigned to the VIP, the POOL defined there overwrites the definition in our ProxyPass configuration.

 

 

So basically my question is how we can get the ProxyPass iRule to work together with ASM, especially when using two different POOLS depending on the content? If we just use one HTTP Class, all traffic is sent to the the POOL defined there. The POOL defined in the ProxyPass setup is overwritten. And we can't define two HTTP Classes with a selection based on the URI, because the URI has been rewritten already at that point.

 

 

A possible solution would be to work with HTTP Classes in the ProxyPass iRule, but it is not designed in that way.

 

 

Are there any solutions/workarounds/... for our problem?

 

 

Thx in advance for your advice.

 

 

Wim

 

 

 

application delivery
dev
devops
iRules

4 Replies

Sort By
  • Wim_113532's avatar
    Wim_113532
    Icon for Nimbostratus rankNimbostratus
    Dec 17, 2010
    It seems if you omit the pool selection from the HTTP Class, then the pool selection of the ProxyPass iRule is used, while at the same time ASM is enforced.

     

     

    Issue solved

     

  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Dec 17, 2010
    Hi Wim,

     

     

    Glad you figured out a solution. That's expected:

     

     

    sol8018: Overview of the BIG-IP HTTP class traffic flow

     

    http://support.f5.com/kb/en-us/solutions/public/8000/000/sol8018.html

     

     

    Aaron
  • Wim_113532's avatar
    Wim_113532
    Icon for Nimbostratus rankNimbostratus
    Dec 20, 2010
    Hi Aaron,

     

     

    On the other hand, the solution you referenced to also states that if there is no default pool and no pool configured in the HTTP class, the request will be dropped, which is sort of what we have and what I expected.

     

     

    But it also says if you have a default pool and no pool in the HTTP class, the request is sent to the default pool. Which basically means that indeed the HTTP class doesn't overwrite the pool. So yes, it is indeed expected. In our case there is no default pool, but the pool is defined up front by the ProxyPass iRule, and does not get overwritten.

     

     

    Actually to make it more clear, the solution referenced should state something like 'if pool configured on virtual server or in iRule..'. I was thrown off by the default pool definition there.

     

     

    Wim
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Dec 20, 2010
    Sorry for the lack of clarity on that. An iRule could change the pool in multiple events, so the possible outcomes would be difficult to document in a single table.

     

     

    Aaron