Forum Discussion

jeff_mccombs_47's avatar
jeff_mccombs_47
Icon for Nimbostratus rankNimbostratus
Apr 09, 2009

"chaining" iRules?

Hey peeps.

 

 

I'm trying to figure out a way to chain rules together, but I'm not quite understanding how best to go about it.

 

 

What I'd like to be able to do is set up a re-usable set of rules that all sites we host get. So for example, I could have a rule that inspects the HTTP method type and drops requests for TRACE/TRACK/PROFIND etc. Another for working with Universal persistence, maybe some debug rules that could be added to log relevant information when troubleshooting, etc.

 

 

It would seem, that because you can add multiple rules to a VS, that this should be possible? Is this possible?

 

 

If so, is the order in which the rules are run based on which order they are applied to a VS? How do you code such a thing, can you have multiple "when HTTP_REQUEST{}" blocks?

 

 

Am I totally crazy for even suggesting this?
application delivery
dev
devops
iRules

4 Replies

Sort By
  • Joe_Pruitt's avatar
    Joe_Pruitt
    Apr 09, 2009
    You aren't crazy at all. Check out my tech tip on Events that describes how to use the "priority" command to control the processing order of like events.

     

     

    http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=165

     

    Click here

     

     

     

    -Joe
  • jeff_mccombs_47's avatar
    jeff_mccombs_47
    Icon for Nimbostratus rankNimbostratus
    Apr 09, 2009

    Posted By Joe on 04/09/2009 12:41 PM

     

    You aren't crazy at all. Check out my tech tip on Events that describes how to use the "priority" command to control the processing order of like events.

     

    http://devcentral.f5.com/Default.aspx?tabid=63&articleType=ArticleView&articleId=165

     

    Click here

     

     

    -Joe

     

     

     

    EXACTLY what I was looking for. Thank you!
  • 1gw_60162's avatar
    1gw_60162
    Icon for Nimbostratus rankNimbostratus
    Apr 14, 2009
    I just read the iRules 101 - 11 Events explanation and am excited about writing more modular iRules. What I am confused about though is how variables work across iRules within a virtual server. What I would like to accomplish is a set of generic rules which may be used in multiple VS's, plus one unique iRule for each VS that initializes the variables for that specific VS... so each VS's resources would look something like...

     

     

    VS1 Resources:

     

    vs1_config_irule

     

    generic_http_https_redirect_irule

     

    generic_authentication_irule

     

    generic_cookie_persistence_irule

     

    etc.

     

     

    VS2 Resources:

     

    vs2_config_irule

     

    generic_http_https_redirect_irule

     

    generic_authentication_irule

     

    generic_cookie_persistence_irule

     

    etc.

     

     

    ... and each VS's customization would not interfere with the others' nor require the generic iRules to be customized. Each generic iRule would get it's config from the config iRule assigned to the VS. I think this should be possible, but am confused about the scope of local and global variables, as well as which event block the variable initialization should be located (if in RULE_INIT then I assume it would affect all VS's, not just the one's the iRule is assigned to).

     

     

  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Apr 15, 2009
    That's a good plan for configuring generic rules with a per-VIP iRule.

     

     

    Global variables are accessible across all virtual servers and all connections. Local variables are accessible in just the individual TCP (for a TCP-based VIP) connection.

     

     

    As you found, any variable set in RULE_INIT is implicitly created as a global variable. So you would need to define the local variables (specific to one TCP connection) in an event after RULE_INIT, like CLIENT_ACCEPTED or HTTP_REQUEST.

     

     

    Aaron