Client accessing both redirect and default pool in irule.

Question

Working with the below irule.  One of our app teams has complained that when the client is trying to access both the redirect and default pools as part of their of application, it fails.  So what happens is their establishing a session, which takes them to the redirect pool, which works, but then the app sends them to the default pool, which fails.  Any suggestions on what could be modified here?
when HTTP_REQUEST {
set usessl 0
switch -glob [HTTP::path] {
"/foo/bar/" -
"/foo/baa/" { 
snat ~ip address~
set usessl 1
pool redirect-443 }
default {
set usessl 0
pool default-80
} 
} 
}
when SERVER_CONNECTED {
if { $usessl == 0 } {
SSL::disable
}
}

kevin_stewart · Answer

First thing, you can probably streamline the iRule a little bit:&nbsp;when HTTP_REQUEST { 
    switch -glob [HTTP::uri] { 
        "/foo/bar/_*" - 
        "/foo/baa/_*" { 
            snat automap
            pool redirect-443 
        } 
        default { 
            SSL::disable serverside
            pool default-80 
        } 
    } 
} Second thing is that it now depends on HOW it's failing. For instance, you left out the rest of the snat command in your sample code, so assuming you were pointing to Automap or a specific snat pool. Do you intend to not apply a snat for default pool traffic? What does the redirect look like?&nbsp;

nitass · Answer

So what happens is their establishing a session, which takes them to the redirect pool, which works, but then the app sends them to the default pool, which fails.&nbsp;

does it work if client accesses to only the default pool?&nbsp;

atoth · Answer

If the client accesses the redirect, it works fine, and it works fine if the client just accesses the default pool.  Its only when the app tries to combine the two where its failing.&nbsp;

nitass_89166 · Answer

Its only when the app tries to combine the two where its failing.&nbsp;

are you using oneconnect profile? if not, can you try?&nbsp;
sol7208: Overview of the OneConnect profile&nbsp;
http://support.f5.com/kb/en-us/solutions/public/7000/200/sol7208.html&nbsp;

nitass · Answer

Its only when the app tries to combine the two where its failing.&nbsp;

are you using oneconnect profile? if not, can you try?&nbsp;
sol7208: Overview of the OneConnect profile&nbsp;
http://support.f5.com/kb/en-us/solutions/public/7000/200/sol7208.html&nbsp;

Forum Discussion

Client accessing both redirect and default pool in irule.

7 Replies

Recent Discussions

What are the different phases in DevOps?

Create a CSR and Key using the BigIP LTM GUI when renewing a certificate

F5 Rseries HA

Error when running bigip_command Playbook against LTM : Syntax Error: unexpected argument /bin/sh\n

Can iRule be used to perform exception of IPI category based on Geolocation

Related Content

access portal with redirect URL

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

Delete Management Default Route?

Anchor Link Redirect

API Security: How to implement API Access Control with F5