Forum Discussion

Georgi__Joe__St's avatar
Georgi__Joe__St
Icon for Altostratus rankAltostratus
Dec 17, 2015

What is proper way to stop irule processing when F5 is behind Akamai CDN

Hi guys,

I am adapting current iRules to be "compatible" with Akamai CDN. My current challenge is how to replace properly drop, reject or event disable.

Any safe way to close HTTP session and disable irules processing for it, without closing TCP connection?

Currently I am focusing on HTTP::redirect and "if/then" flag that irule need to be skipped.

when HTTP_REQUEST {
    if { $HTTP_Request_State eq "Continue" } {
        Do Something
    }
}

But will be cool if there is other way, for some vhost we have more than 10 rules...

BIG-IP
devops
iRules

2 Replies

Sort By
  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Dec 17, 2015

    Hi Joe,

    instead of using variables to deactivate certain script blocks, you could disable further iRule processing by using 

    [event disable all]
    followed by an 
    return
    to stop the current iRule. To reenable the events again you have to either 
    TCP::close
    the connection or configure an LTM Policy which reenables the iRule processing on each subsequent HTTP request.

    LTM Policy Condition:

    • Every request

    LTM Policy Action:

    • Target: TCL
    • Event: request
    • Action: set-variable
    • Name: dummy_var
    • Expression: [event enable all]

    Cheers, Kai

  • Hannes_Rapp's avatar
    Hannes_Rapp
    Icon for Nimbostratus rankNimbostratus
    Dec 17, 2015

    Any HTTP requests routed via Akamai CDN come with "Via" Header that contain 'akamai' sub-string in it. Therefore, for HTTP services you can use my iRule as a starting point. You can similarly just start with the functionality right after the Via header value check, but if you have more bypass conditions, such as some monitoring server IPs, using a variable could make your code look better visually.

     

    I use similar logic

     

    when HTTP_REQUEST {
  set byPass 0
  if  { [HTTP::header value "Via"] contains "akamai" }{
     Replace akamai with llnw if you use Limelight
    set byPass 1
  }

  if  { $byPass == 0 }{
     Do whatever you want here
  }
}