Forum Discussion

AndyC_86542's avatar
AndyC_86542
Icon for Nimbostratus rankNimbostratus
Sep 23, 2008

Can an F5 route and use iRules on the same packet

I want to do something like this:

 

 

Check an http request for a specific cookie. If the cookie isn't there then respond with an http redirect. I can do this fairly easily using iRules.

 

 

Otherwise (if the cookie is there) route the traffic onwards to a pool of transparent proxy servers which can access the web (so a default router pool in effect). I have failed miserably to get this second part to work.

 

 

Is this possible? Any suggestions how?
application delivery
dev
devops
iRules

4 Replies

Sort By
  • AndyC_86542's avatar
    AndyC_86542
    Icon for Nimbostratus rankNimbostratus
    Sep 23, 2008
    Just for interest, I've been trying to do it so far using a virtual server (0.0.0.0:0) to which I apply the irule.
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Sep 23, 2008
    I'd suggest creating a 0.0.0.0:80 VIP (wildcard vip on a specific port) with an HTTP profile. You should then be able to use a rule like this to check for the cookie: 

     
 when HTTP_REQUEST { 
  
     Check if the cookie exists 
    if {[HTTP::cookie exists "my_cookie"]}{ 
  
        Use the proxy pool 
       pool proxy_pool 
  
    } else { 
  
        Redirect the client 
       HTTP::redirect "http://redirected.example.com" 
    } 
 }

    You might want to try adding some kind of validation of the cookie value as the above example could be bypassed by a client manually inserting a cookie with the name.

    Aaron
  • AndyC_86542's avatar
    AndyC_86542
    Icon for Nimbostratus rankNimbostratus
    Sep 24, 2008
    That makes sense. What does the proxy_pool include exactly (I think this is where our problem lies). Does it include router or proxy IP addresses, or something else entirely.
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Sep 24, 2008
    If the proxy servers can be routed to, you could add them to a pool and specify that in the rule. If you want to forward the requests with the cookie according to LTM's routing table, replace 'pool proxy_pool' with 'forward'.

     

     

    Aaron