Is iRule the correct method?

Question

I am configuring a new policy on my F5 and I was looking to delve a little into iRules I think for part of this policy. I would like to know if an iRule would be the correct method to use? I have never written an iRule so please bare with me.&nbsp;
Effectively I will have 3 paths for a URL that I need to direct to the same internal server via a specified port.  For example&nbsp;
Abc.com/prod. When someone accesses this link externally the F5 would direct queries to this location to Server1:1234.&nbsp;
Abc.com/test. When someone accesses this link externally the F5 would direct queries to this location to Server1:5678.&nbsp;
Abc.com/dev. When someone accesses this link externally the F5 would direct queries to this location to Server1:5600.&nbsp;
From what I have read so far it looks as though using an iRule for http. The iRule would be an "if uri contains "/test" then direct to "server1:5678"".&nbsp;
Am I correct here or am I totally going down the wrong method?&nbsp;

binarycanary_19 · Answer

irules will work of course, and you are heading in the right direction.&nbsp;
YOu can also use Local Traffic Policies. They can be configured via GUI and are easier if you don't have irule experience. You might want to try these first to see if they meet your needs. irules are more flexible if you can't accomplish this in LT policies. &nbsp;
Local Traffic Policies Manual&nbsp;

will_adams_1995 · Answer

Thanks for the link to the manual, however I couldn't seem to get the LTM configured how I like so I opted to go for an iRule to try and do this.  The iRule seems to work, however I noted that on my any alternate statements it doesn't appear to be working.  The iRule I have configured is something similar to the following.  A reminder of what I am trying to do first&nbsp;
1) External user connects to abc.com/prod.  The F5 then reverse proxies this (nat'd) to the internal server on port 1234
2) External user connects to abc.com/dev.  The F5 then reverse proxies this to the internal server on port 4567.&nbsp;
So with the above in mind, I wrote an iRule such as:&nbsp;
when HTTP_REQUEST
{
if { [HTTP::uri starts_with "/prod"} {pool server1 port-1234}
if { [HTTP::uri starts_with "/test"} {pool server1 port-4567}
if { [HTTP::uri starts_with "/dev} {HTTP::redirect "https://example.com"}
else
 {pool server1 port-1234}
}&nbsp;
I think the above is missing an operator between the IF statements and is likely the cause of my problem. The IF statements gets me a result at least for where I am going (I noted if I put say the HTTP redirect in the first if statement) it would actually do the redirect.  However in the form it is above, it doesn't seem to work.&nbsp;
I am using the virtual server as a standard type and piping this via an APM configuration.  The APM configuration is basically "Start" ==&gt; "Pool Assign" ==&gt; "Allow".  However it is likely that I will remove the APM configuration as this really is just an LTM configuration.  It is also likely that I will remove the Pool that I created for the server and instead just use the iRule to do a "node" instead of "pool".  So effectively the iRule would change to &nbsp;
when HTTP_REQUEST
{
if { [HTTP::uri starts_with "/prod"} {node 10.10.10.10 1234}
if { [HTTP::uri starts_with "/test"} {node 10.10.10.10 4567}
if { [HTTP::uri starts_with "/dev} {node 10.10.10.10 8911}
else
 {node 10.10.10.10 1234}
}&nbsp;
So where in my if statement am I wrong?&nbsp;

binarycanary_19 · Answer

when you paste code, make sure to use the "preformatted/code" button in the editor so that it is easier for others to read the code.

binarycanary_19 · Answer

Do you mean that your Else statements appear not to be working?
when HTTP_REQUEST {
    if {[HTTP::uri] starts_with "/prod" } {
        node 10.10.10.10 1234
    } elseif { [HTTP::uri] starts_with "/test" } {
        node 10.10.10.10 4567 
    } elseif { [HTTP::uri] starts_with "/dev" } {
        node 10.10.10.10 8901
    } else {
        node 10.10.10.10 2345
    }
}

I imagine something like this is what you desire.

stanislas_piro2 · Answer

Hi,
prefer use pool assignment instead of node... create one pool for each URL.
pool_prod : member 10.10.10.10 port 1234pool_test : member 10.10.10.10 port 4567pool_dev : member 10.10.10.10 port 8911
use Local traffic policy :
requires : httpcontrols : forwarding
rule 1 : 
condition : http-uri path starts_with /prodaction : forward pool pool_prod

rule 2:
..

rule 3:
..

rule 4 (default):
condition : noneaction : forward pool def_pool

if you really want to use irule, use switch command:
when HTTP_REQUEST {
    switch -glob [HTTP::path] {
        "/prod*" {
            pool pool_prod
        }
        "/test*" {
            pool pool_test
        }
        "/dev*" {
            pool pool_dev
        }
        default {
            pool def_pool
        }
    }
}

Forum Discussion

Is iRule the correct method?

5 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Get associated pool name from VIP IP using F5-LTM

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

About custome Response Blocking Page

About IPI check ip list

Related Content

Load balancing method specific decision

HTTP method conversion

TLS Fingerprinting - a method for identifying a TLS client without decrypting

Couldn't address the correct reference for the severity level

get_statistics method failing when trying to get current connection counts