Ted_Smith_11168
Feb 27, 2006Nimbostratus
seeing multiple app sessions from iRules?
This might be a long post, so please forgive me...
using a wide IP in 3DNS for aac.alliedinsurance.com
When a user comes into the aac.alliedinsurance.com site, I want to redirect them to aac2.alliedinsurance.com site (which is not a wide IP)
Setup:
1st iRule tied to aac.alliedinsurance.com on port 80:
agentcenter-80-redirect-443
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/plquoting/templates/receiveincomingfile.cfm" } {
HTTP::uri "/PersonalLines/Templates/receiveincomingfile.cfm"
}
else {
HTTP::redirect https://[HTTP::host][HTTP::uri]
}
}
Purpose of rule, match specific uri on port 80, otherwise re-direct to https
2nd iRule tied to aac.alliedinsurance.com on port 443
agentcenter-443-redirect-aac2
when CLIENT_ACCEPTED {
set ckname aac2
set ckvalue [IP::client_addr]
set ckdomain .alliedinsurance.com
set cookie [format "%s=%s; path=/; domain=%s" $ckname $ckvalue $ckdomain]
}
when HTTP_REQUEST {
set uri [HTTP::uri]
}
when HTTP_RESPONSE {
HTTP::respond 302 Location "https://aac2.alliedinsurance.com$uri" "Set-Cookie" $cookie
}
Purpose of rule, set cookie info, redirect to aac2.alliedinsurance.com
3rd iRule tied to aac2.alliedinsurance.com on port 443
aac2.alliedinsurance.com
when CLIENT_ACCEPTED {
set ckname aac2
set ckvalue [IP::client_addr]
set ckdomain .alliedinsurance.com
}
when HTTP_REQUEST {
set uri [HTTP::uri]
set host [HTTP::host]
set new_uri /center/templates/welcome.cfm
set new_url $host$new_uri
if {[HTTP::cookie exists $ckname]} {
if { $uri contains "agencyctr" } {
HTTP::redirect https://$new_url
} else {
pool Shared
}
} else {
HTTP::redirect "https://aac.alliedinsurance.com$uri"
}
}
Purpose of rule, check for cookie set in 2nd rule, allow user to site. If cookie not present redirect to aac.alliedinsurance.com:443 to set cookie.
Problem: During loadtesting developers are telling me that 2 application sessions are being set one one user accesses the site.
My fear is that on the first or second rule, the bigip is allowing the client back to the app server (which would set the session). My understanding is that the bigip should only allow client through to app server if iRule conditions are met.
Am I understanding this correctly or do I have a problem with my iRule logic. I have some network traces done, but ssl makes it hard (impossible) to see details. There is a lot of complexity here and I don't know if I have done a good job of explaining everything.
Please ask questions if something is not clear. I've got to get some hard answers back to developers.
Thanks,
Ted Smith
Allied Insurance