James_Wrubel_48
Jun 20, 2009 Nimbostratus
iRule to conditionally serve Flash xmlsocket policy files
Hi all,
We're building an application that uses a Flash-based VNC client to remotely control machines for test purposes over the Internet using a browser. The users will be behind firewalls with only 80/443 open so we're planning to use the Flash VNC client to connect to the F5 on 80 and have the traffic redirected to a pool of servers listening on port 5900. The Flash security model now requires a socket policy file to be served from the same port as the socket connection. When a request is made Flash will send the string <policy-file-request/> plus a null byte to the server, which must respond with an XML syntax, for example:
Note that all of this uses XML syntax but is not sent or received as HTTP.
So I'm trying to write an iRule that checks the TCP payload for this string and if it finds it, sends the response and closes the connection. If not, forward to the pool. I think I've got the syntax correct except for the forwarding part. I can't seem to get the pool command to work - maybe because I'm trying to change the port? And the virtual command isn't firing. Most of my iRule writing is learned from other users' code on the forums and wiki. I suspect I have many syntactic errors, so with some shame here's the current iRule:
when CLIENT_ACCEPTED {
    TCP::collect
}
when CLIENT_DATA {
    # Read the whole packet if we don't have it yet
    set len [TCP::payload length]
    log local0.info $len
    if { $len < 23 } {
        TCP::collect
        return
    }
    set crossdomain {
    }
    if { [TCP::payload] contains "<policy-file-request/>" } {
        log local0.info "Found policy file"
        TCP::respond $crossdomain
        TCP::close
        return
    } else {
        log "Standard packet. Move it along."
        virtual my_labs
        return
    }
    TCP::release
}
Any suggestions? The rule seems to fire correctly if the payload does contain the policy file request, but if it's 'normal' traffic the virtual command never gets invoked (pool doesn't either). I've got an iRule that logs RULE_INIT and that never gets called so I think it's not getting there at all.
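
An added example, not part of the original post and not F5's own code: one way to write the split described above as an iRule. It hands ordinary traffic to the pool as soon as the first bytes stop matching Flash's `<policy-file-request/>`, and calls `TCP::release` before the handler returns. The pool name `vnc_pool`, the policy domain `app.example.com` and `to-ports="80"` are hypothetical, and it assumes the client sends the first bytes; a connection where the client waits for the server to speak first never raises CLIENT_DATA and would need a separate idle timeout, not shown.

```tcl
when CLIENT_ACCEPTED {
    # Hold the connection and delay pool selection until client bytes arrive.
    TCP::collect
}

when CLIENT_DATA {
    # Flash sends these 22 bytes followed by one null byte (23 bytes in total).
    set request "<policy-file-request/>"

    # Hypothetical policy: one named origin and one port instead of "*".
    set policy {<cross-domain-policy><allow-access-from domain="app.example.com" to-ports="80"/></cross-domain-policy>}

    set have [TCP::payload length]
    set cmp  [expr { $have < 22 ? $have : 22 }]

    # Compare only the bytes received so far with the same-length prefix of
    # the request, so short non-Flash traffic is not held back waiting for
    # 23 bytes that may never come.
    if { [TCP::payload $cmp] ne [string range $request 0 [expr { $cmp - 1 }]] } {
        # Ordinary traffic: choose the pool (hypothetical name; its members
        # listen on 5900), then release the collected bytes. Without
        # TCP::release the connection stays parked in collect mode.
        pool vnc_pool
        TCP::release
        return
    }

    if { $have < 23 } {
        # Still a prefix of the policy request: wait for the rest.
        TCP::collect
        return
    }

    # Complete policy request: answer from the BIG-IP, terminate the policy
    # with a null byte, and close without contacting a pool member.
    log local0.info "Flash socket policy request from [IP::client_addr]"
    TCP::respond "$policy\000"
    TCP::close
}
```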