Forum Discussion
4 Replies
- natheCirrocumulus
Rajesh - quick answer is no you can't use any http events in an irule. Big-ip won't have the visibility.
You would have to use CLIENT_ACCEPTED event and then filter on port perhaps using TCP:local_port and then direct to a pool member with the pool command (pool my_Pool member x.x.x.x 443)
Hope this helps,
N
- Rajesh_07_16489Nimbostratus
Thank you Nathan.
- natheCirrocumulusno probs
- Rajesh_07_16489Nimbostratus
Hi Nathan, I have gotten exact requirement from client now. I suppose, you can be able to help me over here. Client’s laptop has local host entries for abc.com, xyz.com,console.com, ddd.com and these host entries are pointed to single VIP.
This is current scenario: 1.abc.com, xyz.com,console.com,ddd.com f5 VIP (1.1.1.1) 2 back end servers (LB – Predictive method and Primary - 192.168.1.2, Secondary - 192.168.1.3) 2.SSL encryption is happening from client to server and we will not be able to do SSL interception at f5 end.
Requirement as follows: When users use console.com, irule should be invoked and request always should reach primary server’s console and if primary is down, request should go to secondary one. For remaining host entries, traffic flow should happen as per our current scenario explained above. Note: I think, users may use URI along with host entry of local machine in order to reach particular path of the application.
To my knowledge , If SSL interception is done at f5 end, then we can use http:host header value to define Irule else we have to define it based upon client source IP address.
Not sure, how can we approach this scenario. Kindly help me if we have any best solution for this scenario.