Can I pass the data-group values to a java script function

Question

I have created 2 data-groups in an irule with string values - noproxy &amp; forceproxy, which are basically Lists of URLs.&nbsp;
I need to pass these string values to a variable I define in a java-script (basically a PAC function). Can I do this ?&nbsp;
Requirement: &nbsp;
There is a need to have regular updates to the noproxy and forceproxy list and we want to keep the same PAC function in the irule except that the javascript renders the latest values stored in the noproxy and forceproxy list to the client browsers.&nbsp;
Is this do-able ?&nbsp;

kevin_stewart · Answer

One thought might be to use the class get command to return a list of all of the contents of a data group (or filtered list), and then loop through that list to create your PAC data:
foreach x [class get noproxy] {
    log local0. [lindex $x 0]
}

If you have key-value pairs in the data group, the class get command will return a list of lists, so the lindex command inside the loop will pull either the key or the value from each entry.

shridhar_kulkar · Answer

Thanks. Can you give me a proto-type irule of what you mean by returning the list of all contents of a data-group to the java-script variable ? I did not quiet seem to follow you.&nbsp;

shridhar_kulkar · Answer

Thanks. Can you give me a proto-type irule of what you mean by returning the list of all contents of a data-group to the java-script variable ? I did not quiet seem to follow you.&nbsp;

kevin_stewart · Answer

The idea is this: you're client is going to request a JavaScript-based PAC file, and you're going to attach the contents of the datagroup, where appropriate, to that file. There are at least two ways to do this:

Create and maintain the entire PAC file in the iRule - this is probably the easiest method, but it requires you to host the PAC content on the F5 itself. Given that most of the data is static though, this should really be an issue.
when HTTP_REQUEST {
    if { [HTTP::uri] equals "/proxy.pac" } {
        HTTP::respond 200 content $data "Content-Type" "text/javascript"
    }
}

where $data is the content that you've dynamically built from both the static content and the datagroup-based dynamic content.

Use a STREAM profile to add the data group content as the PAC file flows through the proxy - this is a bit more elaborate and requires that you a) monitor for the PAC file request, and 2) attach content in a known location in that file as it passes through in the response.
when HTTP_REQUEST {
    STREAM::disable
    if { [HTTP::uri] equals "/proxy.pac" } {
        set rewrite 1
        HTTP::header remove Accept-Encoding
    }
}
when HTTP_RESPONSE {
    if { [info exists rewrite] } {
        unset rewrite
        STREAM::expression "@$hook@$replace@"
        STREAM::enable
    }
}

where $hook is some arbitrary content in the PAC file that you can attach to (or replace), and $replace is the dynamic datagroup-based content that you want to add.

The class get command is used to return all of the data from a datagroup as a list, so the above example extracts that data into a temporary list and then iterates over its contents. 
set y ""
foreach x [class get noproxy] {
    append y [lindex $x 0]
}

Each key and value inside a datagroup is going to be returned as a list itself, so the entire list will essentially be a list of lists:
{ { key value } { key value } { key value } { key value } }

The lindex command extracts the first item from each internal list (which is the key of that list).

shridhar_kulkar · Answer

Kevin,
Right now, I have the i-rule as below.
when RULE_INIT {
   set pacfile {
     function FindProxyForURL(url, host) {
     if (isPlainHostName(host))
     return "DIRECT";

// If IP of the requested host falls within any of the below address ranges specified, send direct.
if (isInNet(dnsResolve(host), "10.206.192.0", "255.255.224.0") ||
isInNet(dnsResolve(host), "10.206.240.0", "255.255.248.0") ||
isInNet(dnsResolve(host), "10.206.248.0", "255.255.252.0") ||
isInNet(dnsResolve(host), "10.206.252.0", "255.255.252.0"))
return "DIRECT";

return "PROXY proxy.company.com:8080";
  }

}
}
when HTTP_REQUEST {
  switch -glob [string tolower [HTTP::uri]] {
   "/proxy.pac" {
      HTTP::respond 200 content $::pacfile "Content-Type" "application/x-ns-proxy-autoconfig" "pragma" "no-cache"
   }
 }
}
My requirement is how can I dynamically add address ranges to pass to the PAC function isInNet(dnsResolve(host) using data-groups ?
Using your idea, can I do something like below ?
1&gt; Create a string data-group as 'noproxy-address-space' and add the address ranges.
2&gt; Modify the i-rule as below -
when RULE_INIT {
    set y ""
    foreach x [class get noproxy-address-space] {
    append y [lindex $x 0]
}
   set pacfile {
     function FindProxyForURL(url, host) {
     if (isPlainHostName(host))
     return "DIRECT";

// If IP of the requested host falls within any of the below address ranges specified in the data-group, send direct.
if (isInNet(dnsResolve(host), foreach y)
return "DIRECT";

return "PROXY proxy.company.com:8080";
  }

}
}
when HTTP_REQUEST {
  switch -glob [string tolower [HTTP::uri]] {
   "/proxy.pac" {
      HTTP::respond 200 content $::pacfile "Content-Type" "application/x-ns-proxy-autoconfig" "pragma" "no-cache"
   }
 }
}
My goal is to give liberty for admins to add new address ranges to the data-group, without bothering them to make changes to the i-rule.
Appreciate your reply.
Regards,
Shridhar

Forum Discussion

Can I pass the data-group values to a java script function

8 Replies

Recent Discussions

F5 loadbalancer not working

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Related Content

Intermediate iRules: Data-Groups

Can I have a data group, with "data group" members

F5 Cloud-Native Functions For Secure DNS

v11: iRules Data Group Updates

Mass input/create "Data group list" ?