Angelo
Oct 26, 2012

I-rule persistence

Hi

With an i-rule I know you can add persistence, but how do you add session persistence on an i-rule but also have the source IP in the header of content..

5 Replies

  • "how do you add session persistence on a i-rule but also have the source IP in the header of content.." Sorry, I cannot catch you. Can you provide an example?
  • Angelo
    The requirement for the site is that the source IP address needs to be in the headers after logging in, and there needs to be session persistence on the VS as well. Because I have IP restrictions and I only have one VS running with an irule to split the sites to their respective pools, I can't add persistence in the VS so I need to add it in the irule for this site...
  • is it http/https traffic? if so, is x-forwarded-for (http profile) or http::header insert (irule) usable?

    sol4816: Using the X-Forwarded-For HTTP header to preserve the original client IP address for traffic translated by a SNAT
    http://support.f5.com/kb/en-us/solutions/public/4000/800/sol4816.html
  • Angelo
    It's an https site, x-forwarders is disabled on the http profile. I have a streaming irule for the inserting but the persistence is the problem.

    when HTTP_REQUEST {
       # disable stream processing for request traffic
       STREAM::disable
       # store the client IP address
       set client_ip [IP::client_addr]
    }

    when HTTP_RESPONSE {
       if { [HTTP::header Content-Type] equals "text/html" } {
          # establish the stream expression - here we're just modifying the contents
          STREAM::expression "@@ - ($client_ip)@"
          # enable stream processing
          STREAM::enable
       }
    }
  • sorry i still do not understand what the problem is. you can control bigip behavior using irule. for example, i want to send traffic to different pool based on uri. anyway, i need x-forwarded-for header and cookie persistence on one pool only. the following is my configuration.

    [root@ve10:Active] config # b virtual bar list
    virtual bar {
       snat automap
       destination 172.28.19.79:80
       ip protocol 6
       rules myrule
       persist cookie
       profiles {
          http {}
          tcp {}
       }
    }
    [root@ve10:Active] config # b pool foo1 list
    pool foo1 {
       members 200.200.200.101:80 {}
    }
    [root@ve10:Active] config # b pool foo2 list
    pool foo2 {
       members 200.200.200.111:80 {}
    }
    [root@ve10:Active] config # b rule myrule list
    rule myrule {
       when HTTP_REQUEST {
       switch -glob [string tolower [HTTP::uri]] {
          "/foo1*" {
             HTTP::header insert X-Forwarded-For [IP::client_addr]
             persist cookie
             pool foo1
          }
          default {
             persist none
             pool foo2
          }
       }
    }
    }
    
    # 1st request to /foo1/something
    # on client

    [root@centos11 ~]# curl -I http://172.28.19.79/foo1/something
    HTTP/1.1 404 Not Found
    Date: Fri, 26 Oct 2012 08:21:56 GMT
    Server: Apache/2.2.3 (CentOS)
    Connection: close
    Content-Type: text/html; charset=iso-8859-1
    Set-Cookie: BIGipServerfoo1=1707657416.20480.0000; path=/
    
    # packet trace on bigip

    [root@ve10:Active] config # ssldump -Aed -nni 0.0 port 80
    New TCP connection 1: 172.28.20.11(59314) <-> 172.28.19.79(80)
    1351238672.9938 (0.0010)  C>S
    ---------------------------------------------------------------
    HEAD /foo1/something HTTP/1.1
    User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Host: 172.28.19.79
    Accept: */*
    
    ---------------------------------------------------------------
    
    New TCP connection 2: 200.200.200.10(59314) <-> 200.200.200.101(80)
    1351238672.9957 (0.0016)  C>S
    ---------------------------------------------------------------
    HEAD /foo1/something HTTP/1.1
    User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Host: 172.28.19.79
    Accept: */*
    X-Forwarded-For: 172.28.20.11
    
    ---------------------------------------------------------------
    
    # 2nd request to /something
    # on client

    [root@centos11 ~]# curl -I http://172.28.19.79/something
    HTTP/1.1 404 Not Found
    Date: Fri, 26 Oct 2012 08:04:34 GMT
    Server: Apache/2.2.3 (CentOS)
    Connection: close
    Content-Type: text/html; charset=iso-8859-1
    
    # packet trace on bigip

    [root@ve10:Active] config # ssldump -Aed -nni 0.0 port 80
    New TCP connection 1: 172.28.20.11(59315) <-> 172.28.19.79(80)
    1351238750.4956 (0.0008)  C>S
    ---------------------------------------------------------------
    HEAD /something HTTP/1.1
    User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Host: 172.28.19.79
    Accept: */*
    
    ---------------------------------------------------------------
    
    New TCP connection 2: 200.200.200.10(59315) <-> 200.200.200.111(80)
    1351238750.4968 (0.0010)  C>S
    ---------------------------------------------------------------
    HEAD /something HTTP/1.1
    User-Agent: curl/7.15.5 (x86_64-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Host: 172.28.19.79
    Accept: */*
    
    ---------------------------------------------------------------
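
Added example, not part of the original thread: the `BIGipServerfoo1` cookie set by `persist cookie` in the first response is not opaque. In BIG-IP's default cookie persistence encoding for an IPv4 pool member, the two numeric fields are the member's address and port with their bytes reversed, so the cookie can be decoded and checked against the server-side connection in the packet trace. The function names below are illustrative; the two input lines are copied from the trace above.

```python
import ipaddress
import re
import struct

# Lines copied from the first request's output in the reply above.
SET_COOKIE = "Set-Cookie: BIGipServerfoo1=1707657416.20480.0000; path=/"
SERVER_SIDE = "New TCP connection 2: 200.200.200.10(59314) <-> 200.200.200.101(80)"

# Default IPv4 form only: BIGipServer<pool>=<ip>.<port>.0000
COOKIE_RE = re.compile(
    r"BIGipServer(?P<pool>[^=;\s]+)=(?P<ip>\d+)\.(?P<port>\d+)\.0000\b"
)


def decode_bigip_cookie(header):
    """Return (pool, member_ip, member_port), or None if the header does not
    carry a default-encoded IPv4 persistence cookie (e.g. encrypted cookies)."""
    m = COOKIE_RE.search(header)
    if m is None:
        return None
    ip_num, port_num = int(m["ip"]), int(m["port"])
    if ip_num > 0xFFFFFFFF or port_num > 0xFFFF:
        return None
    # Each field is the network-order bytes read back as a little-endian integer.
    ip = ipaddress.IPv4Address(struct.pack("<I", ip_num))
    port = struct.unpack(">H", struct.pack("<H", port_num))[0]
    return m["pool"], str(ip), port


def server_side_endpoint(trace_line):
    """Extract the pool member (ip, port) from an ssldump connection line."""
    m = re.search(r"<-> (\d+\.\d+\.\d+\.\d+)\((\d+)\)", trace_line)
    return (m.group(1), int(m.group(2))) if m else None


if __name__ == "__main__":
    pool, ip, port = decode_bigip_cookie(SET_COOKIE)
    print(f"cookie pins the client to pool {pool}, member {ip}:{port}")
    print("matches trace:", (ip, port) == server_side_endpoint(SERVER_SIDE))
```

The decoded member matches the `foo1` pool member in the configuration listing, which confirms persistence is working, and also shows that the default cookie discloses the internal member address to every client; BIG-IP can encrypt the cookie where that matters.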