Angelo
Oct 26, 2012 Nimbostratus
I-rule persistence
Hi
With an i-rule I know you can add persistence, but how do you add session persistence on an i-rule but also have the source IP in the header of content?
sol4816: Using the X-Forwarded-For HTTP header to preserve the original client IP address for traffic translated by a SNAT
http://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html
when HTTP_REQUEST {
   # disable stream processing for request traffic
   STREAM::disable
   # store the client IP address
   set client_ip [IP::client_addr]
}
when HTTP_RESPONSE {
   if { [HTTP::header Content-Type] equals "text/html" } {
      # establish the stream expression - here we're just modifying the contents
      STREAM::expression "@@ - ($client_ip)@"
      # enable stream processing
      STREAM::enable
   }
}
[root@ve10:Active] config # b virtual bar list
virtual bar {
   snat automap
   destination 172.28.19.79:80
   ip protocol 6
   rules myrule
   persist cookie
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config # b pool foo1 list
pool foo1 {
   members 200.200.200.101:80 {}
}
[root@ve10:Active] config # b pool foo2 list
pool foo2 {
   members 200.200.200.111:80 {}
}
[root@ve10:Active] config # b rule myrule list
rule myrule {
   when HTTP_REQUEST {
      switch -glob [string tolower [HTTP::uri]] {
         "/foo1*" {
            HTTP::header insert X-Forwarded-For [IP::client_addr]
            persist cookie
            pool foo1
         }
         default {
            persist none
            pool foo2
         }
      }
   }
}
1st request to /foo1/something
on client
[root@centos11 ~]# curl -I http://172.28.19.79/foo1/something
HTTP/1.1 404 Not Found
Date: Fri, 26 Oct 2012 08:21:56 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: BIGipServerfoo1=1707657416.20480.0000; path=/
packet trace on bigip
[root@ve10:Active] config # ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.20.11(59314) <-> 172.28.19.79(80)
1351238672.9938 (0.0010) C>S
---------------------------------------------------------------
HEAD /foo1/something HTTP/1.1
User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.79
Accept: */*
---------------------------------------------------------------
New TCP connection 2: 200.200.200.10(59314) <-> 200.200.200.101(80)
1351238672.9957 (0.0016) C>S
---------------------------------------------------------------
HEAD /foo1/something HTTP/1.1
User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.79
Accept: */*
X-Forwarded-For: 172.28.20.11
---------------------------------------------------------------
2nd request to /something
on client
[root@centos11 ~]# curl -I http://172.28.19.79/something
HTTP/1.1 404 Not Found
Date: Fri, 26 Oct 2012 08:04:34 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: text/html; charset=iso-8859-1
packet trace on bigip
[root@ve10:Active] config # ssldump -Aed -nni 0.0 port 80
New TCP connection 1: 172.28.20.11(59315) <-> 172.28.19.79(80)
1351238750.4956 (0.0008) C>S
---------------------------------------------------------------
HEAD /something HTTP/1.1
User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.79
Accept: */*
---------------------------------------------------------------
New TCP connection 2: 200.200.200.10(59315) <-> 200.200.200.111(80)
1351238750.4968 (0.0010) C>S
---------------------------------------------------------------
HEAD /something HTTP/1.1
User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Host: 172.28.19.79
Accept: */*
---------------------------------------------------------------
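The Set-Cookie value in the first test above is in BIG-IP's default, unencrypted persistence-cookie encoding, which carries the pool name and the chosen member's address and port. The following is an added example, not part of the original thread, that decodes it so you can check what your own persistence cookies expose to clients; the function names are illustrative.

```python
import ipaddress
import re

# Default (unencrypted) BIG-IP cookie for an IPv4 pool member:
#   BIGipServer<pool>=<addr>.<port>.0000
# <addr> is the member IP as a decimal integer with its octets reversed;
# <port> is the 16-bit port with its two bytes swapped.
COOKIE_RE = re.compile(
    r"BIGipServer(?P<pool>[^=;\s]+)=(?P<addr>\d+)\.(?P<port>\d+)\.0000\b"
)

def decode_persistence_cookie(text):
    """Return (pool, member_ip, member_port), or None if not in this encoding."""
    m = COOKIE_RE.search(text)
    if m is None:
        return None  # e.g. an encrypted cookie or a different cookie format
    addr, port = int(m.group("addr")), int(m.group("port"))
    if addr > 0xFFFFFFFF or port > 0xFFFF:
        return None  # out of range for IPv4 address / TCP port
    member_ip = ipaddress.IPv4Address(addr.to_bytes(4, "little"))
    member_port = int.from_bytes(port.to_bytes(2, "little"), "big")
    return m.group("pool"), str(member_ip), member_port

def leaked_members(response_headers):
    """Decode every Set-Cookie line in a raw header block that exposes a member."""
    found = []
    for line in response_headers.splitlines():
        name, _, value = line.partition(":")
        if name.strip().lower() == "set-cookie":
            decoded = decode_persistence_cookie(value)
            if decoded:
                found.append(decoded)
    return found

# Response headers copied from the two curl runs in the thread.
FIRST_RESPONSE = """HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: BIGipServerfoo1=1707657416.20480.0000; path=/"""
SECOND_RESPONSE = """HTTP/1.1 404 Not Found
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=iso-8859-1"""

if __name__ == "__main__":
    print(leaked_members(FIRST_RESPONSE))   # /foo1* request: persist cookie
    print(leaked_members(SECOND_RESPONSE))  # default branch: persist none
```

The decoded member matches the server-side connection to 200.200.200.101:80 in the first packet trace, so any client holding the cookie learns that internal address; BIG-IP can encrypt persistence cookies to prevent this.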