Forum Discussion

SanjayP
Jul 31, 2013

Need help on i-rule

Need an i-rule to modify the payload of http for receiving traffic from client cloud to the internal server. Payload should be modified in such a way that the internal server should send notification (return traffic) through another virtual server on same LTM and should be http traffic. Traffic from client cloud to F5 is https.

 

8 Replies

  • Arie
    Are you asking for a mechanism that causes the 'internal server' (pool member?) to initiate a notification message somewhere or are you wanting to route the return traffic through a different VIP? Your request is not entirely clear to me.
  • Hi Arie,

    Yes, that's right. Or need an alternative solution with i-rule. Scenario is traffic coming from server which is in internet cloud is having a URL which points to dynamic IP. It sends IDS request (http request) to internal pool member. Need to have another notification request which should be generated by internal pool member and sent to the server in cloud.
  • Arie
    The Cloud Service may have a dynamic IP-address, but I assume that the IP-address won't change during the conversation. Is that correct?
  • Sometimes it may. So need to direct return traffic using cloud domain name and not on IP address.
  • Arie
    I'm still puzzled by this. From a web application perspective it would be highly improbable that a client would send a response to another IP-address during the same conversation. Browsers generally hang on to IP-addresses for a relatively long time after the initial DNS-request. Even F5's GTMs don't have a way to let existing clients know that an IP-address has changed.
  • when HTTP_REQUEST {
         # Buffer the request body only when the client declares one
         set lent [HTTP::header Content-Length]
         log local0.info "Content-length $lent"
         if { $lent ne "" && $lent > 0 } {
             HTTP::collect $lent
             log local0.info "Collected"
         }
     }

     when HTTP_REQUEST_DATA {
         log local0.info "Request data..."

         # Get ELB domain from data group already configured
         set val [class match -value "Cloud_ELB_Domain" contains PAM_Config]
         set cloudUrl "https://$val"

         # Get the notification server from the same data group
         set val1 [class match -value "Notification_Server" contains PAM_Config]
         set replaceUrl "http://$val1"

         log local0.info "To replace $cloudUrl with $replaceUrl"

         # Match on the local $cloudUrl built above
         if { [HTTP::payload] contains $cloudUrl } {
             log local0.info "Payload matches"
             set newPLoad [string map [list $cloudUrl $replaceUrl] [HTTP::payload]]

             # The length argument is the size of the collected payload being
             # replaced, not the size of the new string
             HTTP::payload replace 0 [HTTP::payload length] $newPLoad
             log local0.info "Payload modified"
         }
         HTTP::release
     }

  • Currently we are using the above i-rule where we collect HTTP data and change the cloud URL to another virtual server IP, where return notification traffic will be sent. Is there any other possible way to do this or optimize the above i-rule? Pls assist!!
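
The iRule in this thread splices the rewritten body back with a replace of the form `<offset> <length> <string>`. The following is an added example in plain Tcl (run with tclsh; not the poster's code and not F5's implementation) showing what happens to the body when that length is taken from the new string instead of the collected payload. `splice`, `rewrite_body` and the sample URLs are hypothetical, and the model counts characters where the BIG-IP counts bytes.

```tcl
# Added example: model of "replace <offset> <length> <string>" on a buffered body.
proc splice {body offset length new} {
    set head [string range $body 0 [expr {$offset - 1}]]
    set tail [string range $body [expr {$offset + $length}] end]
    return "$head$new$tail"
}

# Rewrite every occurrence of $from in a collected body and splice the result
# back in. lengthMode selects which length is handed to the splice:
#   collected - length of the body that was buffered (whole body is replaced)
#   rewritten - length of the new string (leaves stale bytes, or eats bytes that
#               follow, whenever the two URLs differ in size)
proc rewrite_body {body from to lengthMode} {
    if {[string first $from $body] < 0} {
        return $body
    }
    set new [string map [list $from $to] $body]
    switch -- $lengthMode {
        collected { set n [string length $body] }
        rewritten { set n [string length $new] }
        default   { error "unknown lengthMode: $lengthMode" }
    }
    return [splice $body 0 $n $new]
}

# Constructed sample values, not taken from the thread.
set cloud  "https://elb.cloud.example"
set notify "http://10.0.0.10"
set body   "<notifyUrl>$cloud/cb</notifyUrl><id>42</id>"
set want   [string map [list $cloud $notify] $body]

foreach mode {collected rewritten} {
    set got [rewrite_body $body $cloud $notify $mode]
    puts [format "%-9s ok=%d len=%d %s" $mode \
        [string equal $got $want] [string length $got] $got]
}
```

In `rewritten` mode the replacement URL is shorter than the cloud URL, so the tail of the old body survives after the new one and the pool member receives a malformed payload.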