Forum Discussion

Didier_Fort_226's avatar
Didier_Fort_226
Icon for Altostratus rankAltostratus
Jan 02, 2013

iRule: TCP::close after HTTP::respond

Hello,

I searched on DC and could not find a straight answer to this question so here it is.

Let's say I have the following iRule:

rule my_irule {

    
when HTTP_REQUEST priority 100 {

        
if  { [expression] } {

            
HTTP::respond 200 content [findclass [string tolower [string range [HTTP::uri] 1 end]] myclass ","] "Content-Type" "text/plain" "Cache-Control" "private, max-age=1814400"

        
}

    
}

}

After the HTTP::respond I'd like to prevent other iRules to run on this connection.

What is the recommendation?

My guess would be to run both:

 

event disable all

TCP::close

Thanks in advance,

Didier

application delivery
dev
devops
iRules

4 Replies

Sort By
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jan 03, 2013
    My guess would be to run both:

    event disable allTCP::closei think so.

    anyway, i think instead of tcp::close using connection close http header is also usable. 

    [root@ve10:Active] config  b virtual bar80 list
virtual bar80 {
   destination 172.28.19.252:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST priority 100 {
  HTTP::respond 200 content "test" "Content-Type" "text/plain" "Cache-Control" "private, max-age=1814400" "Connection" "Close"
  event disable all
}
}

[root@ve10:Active] config  tcpdump -nni 0.0 port 80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on 0.0, link-type EN10MB (Ethernet), capture size 108 bytes
17:24:35.791541 IP 192.168.206.33.61590 > 172.28.19.252.80: S 686337743:686337743(0) win 8192 
17:24:35.791580 IP 172.28.19.252.80 > 192.168.206.33.61590: S 730754191:730754191(0) ack 686337744 win 3780 
17:24:35.792804 IP 192.168.206.33.61590 > 172.28.19.252.80: . ack 1 win 16695
17:24:35.793772 IP 192.168.206.33.61590 > 172.28.19.252.80: P 1:290(289) ack 1 win 16695
17:24:35.793825 IP 172.28.19.252.80 > 192.168.206.33.61590: P 1:144(143) ack 290 win 3780
17:24:35.793842 IP 172.28.19.252.80 > 192.168.206.33.61590: F 144:144(0) ack 290 win 4069
17:24:35.800756 IP 192.168.206.33.61590 > 172.28.19.252.80: . ack 145 win 16659
17:24:35.801665 IP 192.168.206.33.61590 > 172.28.19.252.80: F 290:290(0) ack 145 win 16659
17:24:35.801682 IP 172.28.19.252.80 > 192.168.206.33.61590: . ack 291 win 4069
  • Didier_Fort_226's avatar
    Didier_Fort_226
    Icon for Altostratus rankAltostratus
    Jan 03, 2013
    Thanks.

     

     

    I was concerned about the order, because I would guess that TCP::close would trigger an event (CLIENT_CLOSED maybe). If I am right the order should be:

     

     

    TCP::close

     

    event disable all

     

     

    It would be nice to add events which could be triggered by a command in the documentation.

     

     

    Regards,

     

    Didier
  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Jan 04, 2013
    I was concerned about the order, because I would guess that TCP::close would trigger an event (CLIENT_CLOSED maybe).i do not think so. 

    [root@ve10:Active] config  b rule myrule list
rule myrule {
   when CLIENT_ACCEPTED {
        log local0. ""
        TCP::respond "OK"
        TCP::close
        event disable all
}
when CLIENT_CLOSED {
        log local0. ""
}
}

[root@ve10:Active] config  tail -f /var/log/ltm
Jan  4 09:28:47 local/tmm info tmm[4876]: Rule myrule :
  • Didier_Fort_226's avatar
    Didier_Fort_226
    Icon for Altostratus rankAltostratus
    Jan 09, 2013

    You were right I tested it and the order of the two commands does not matter, but if I do not specify "event disable all", I get a "CLIENT_CLOSED" event.

     

    I got access to a virtual F5, it's mandatory to answer questions like those.

     

    Best regards,

     

    Didier