Help withcatch-all for iRule

Question

Folks&nbsp;
&nbsp;I am hoping someone can provide some advise for this, I am relatively new to iRules. I have an iRule that checks HTTP::uri for various strings and directs traffic to a pool based on that. The complete iRule is at the bottom of this post. We have discovered that some applications are communicating using the weblogic t3 protocol rather than http. So for that traffic the rule is never matched and the traffic goes into a black hole. I would like a catch-all at the end of the rule that will send any traffic other than http to a default pool but I am unsure how to achieve this. I had hoped that placing this at the end of the iRule would provide a solution:&nbsp;
&nbsp;when CLIENT_DATA {
&nbsp;  if { ([TCP::local_port] == 8020) } {
&nbsp;    pool evo_3dns_pool
&nbsp;  }
&nbsp;}&nbsp;
&nbsp;But it has been pointed out that this will intercept all traffic (even the http specified at the top of the iRule) and send everything to the default pool. Any thoughts on how I progress?&nbsp;
&nbsp;rule Evo_iRules {
&nbsp;when HTTP_REQUEST {
&nbsp;if { [HTTP::uri] starts_with "/nws" } {
&nbsp;log " [HTTP::uri] - using evo_news_pool"
&nbsp;pool evo_nws_pool
&nbsp;} else {
&nbsp;if { [HTTP::uri] starts_with "/wea" } {
&nbsp;pool evo_wea_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/adt" } {
&nbsp;pool evo_adt_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/alerts" } {
&nbsp;pool evo_alerts_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/afl" } {
&nbsp;pool evo_afl_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/alm" } {
&nbsp;pool evo_alm_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/aqe" } {
&nbsp;pool evo_aqe_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/bbr" } {
&nbsp;pool evo_bbr_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/com" } {
&nbsp;pool evo_com_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/crk" } {
&nbsp;pool evo_crk_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/gme" } {
&nbsp;pool evo_gme_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/mca" } {
&nbsp;pool evo_mca_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/mus" } {
&nbsp;pool evo_mus_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/pfs" } {
&nbsp;pool evo_pfs_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/pic" } {
&nbsp;pool evo_pics_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/rbg" } {
&nbsp;pool evo_rbg_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/rlg" } {
&nbsp;pool evo_rlg_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/run" } {
&nbsp;pool evo_run_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/soc" } {
&nbsp;pool evo_soc_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/spo" } {
&nbsp;pool evo_spo_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/sta" } {
&nbsp;pool evo_sta_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/swat" } {
&nbsp;pool evo_swat_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/ton" } {
&nbsp;pool evo_ton_pool
&nbsp;}
&nbsp;else {
&nbsp;if { [HTTP::uri] starts_with "/vws" } {
&nbsp;pool evo_vws_pool
&nbsp;}
&nbsp;else {
&nbsp;pool evo_3dns_pool
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}
&nbsp;}&nbsp;

jrahm · Answer

my guess would be that because this isn't HTTP, you can't match the catch-all traffic within the HTTP_REQUEST event.  I think I have some t3 captures buried in my hard drive somewhere--I'll try and look at them today.  If I recall correctly t3 is not well documented at all, but if there is a consistent identifier, you could do a tcp::collect at CLIENT_ACCEPTED and then evaluate t3 or http in CLIENT_DATA.  If t3, find string to switch on and send to appropriate pool, if http, issue tcp::release.  At this point the HTTP_REQUEST event should pick up the rest of your rule.

lee_orrick_5554 · Answer

You may want to try adding a default pool in your virtual definition. I think if no pool selected through the iRule it will be sent to the default pool if it is defined.

unruley_95363 · Answer

Yes, lorrick is correct.  I will add that pool selection is always a replacement operation (unless no default pool is specified).  So, you can select pools as many times as you want, but only the last one will have an effect.&nbsp;
&nbsp;So, you could certainly add a default pool to the virtual which would then be overridden by your logic in the HTTP_REQUEST event.  You could also define a CLIENT_ACCEPTED event and set a pool there, yet still have the HTTP_REQUEST event override that pool with another one.&nbsp;
&nbsp;HTH

Forum Discussion

Help withcatch-all for iRule

3 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

irule

Avoiding Common iRules Security Pitfalls

Simple Sideband - iRule sideband the easy way

GSLB Split DNS by iRule

Live Coding with iRules - Heatmaps!