
VFB
Oct 19, 2014

iRule validation before upgrading

Hi all. I have a few iRules I'd like someone with more expertise to look over, to see whether any of them would cause issues after upgrading to version 11.6.1. Each rule is separated from the next by a line of equals signs.

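# Rewrite a request for the site root to the OWA path.
#
# The pasted copy carried `less` pager residue inside the body and one closing
# brace more than it opens (probably the end of an enclosing `ltm rule` stanza
# whose header is not part of the paste). Both are removed here so that the
# event handler parses on its own.
when HTTP_REQUEST {
    # Only the exact root URI is rewritten; every other path passes through
    # unchanged. The rewrite is internal, so the client is not redirected.
    if { [HTTP::uri] == "/" } {
        HTTP::uri /owa
    }
}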

==================================

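# For one specific host name, rewrite a request for the site root so that it
# is served from under /owa.
#
# The pasted one-line copy opened three blocks but closed only two; the
# missing closing brace is restored.
when HTTP_REQUEST {
    # `equals` is an exact string comparison on the client-supplied Host
    # header, so a value with different letter case or an explicit port
    # does not match and is passed through untouched.
    if { [HTTP::host] equals "webmail.yahoo.com" } {
        if { [HTTP::uri] equals "/" } {
            # The URI is known to be "/" here, so the result is "/owa/".
            HTTP::uri /owa[HTTP::uri]
        }
    }
}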

============================

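# Configuration for the connection/HTTP logging handlers that follow.
#
# The pasted copy had every command on one line, which Tcl reads as a single
# `set` with too many arguments; the commands are put back on separate lines.
#
# NOTE(review): these are `::` global variables. On BIG-IP v10 and later a
# rule that touches globals demotes its virtual server from CMP; values that
# are set once in RULE_INIT are normally moved to the `static::` namespace.
# Doing so means renaming every reader of these variables in the other event
# handlers at the same time, so it is flagged here rather than changed.
when RULE_INIT {
    # VLAN id compared against [LINK::vlan_id] to label a connection's direction.
    set ::inbound_vlan "4094"
    # First field of every log record.
    set ::device_id "PL-EMSF5-01.lb01.f5.com"
    # End index used when truncating client-supplied strings before logging.
    set ::strlimit 256
    # 0 = log records in clear text, non-zero = AES-encrypt and base64-encode them.
    set ::doAES 0
    # NOTE(review): the key is hard-coded in the rule text and this value has
    # been published, so treat it as disclosed and replace it before enabling
    # ::doAES. Anyone who can read the rule can decrypt the logs it protects.
    # NOTE(review): AES::encrypt is documented as taking a key produced by
    # AES::key; confirm that a free-form string like this one is accepted.
    set ::AESKey "F(NY$*@&TYY%($&@(%SLJSDLF"
}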

=====================================

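# Log a "connection start" record for every accepted client connection and
# build the $clientflow identifier that the later event handlers reuse.
#
# The pasted copy contained `less` pager residue, had several commands run
# together on one line, and had lost the `#` in front of the timing comment,
# so it would not load as written. The layout is restored; the logic and all
# logged strings are unchanged.
when CLIENT_ACCEPTED {
    set secs [clock seconds]
    set usecs [expr {[clock clicks] - [expr {$secs * 1000000}]}]
    # Since the seconds counter can increment between the two clock calls
    # above, we need to correct for values over 1000000. This may adjust the
    # measured time to be somewhere between the two calls (instead of using
    # the second measurement). All other rollover conditions will not cause
    # a problem.
    # NOTE(review): a value of exactly 1000000 is not caught by `>` and would
    # be formatted as seven digits - confirm whether `>=` was intended.
    if { $usecs > 1000000 } {
        set usecs "999999"
    } else {
        set usecs [format "%06u" $usecs]
    }
    set conn_start_time $secs.$usecs

    set clientside_client_addr [IP::client_addr]
    set clientside_client_port [TCP::client_port]
    set clientside_server_addr [IP::local_addr]
    set clientside_server_port [TCP::local_port]

    # Flow id: client addr:port - local addr:port @ start time.
    set clientflow "$clientside_client_addr:$clientside_client_port"
    append clientflow "-$clientside_server_addr:$clientside_server_port@$conn_start_time"

    set vlanid "[LINK::vlan_id]"
    # NOTE(review): `string compare` returns 0 when the strings are equal, so
    # the first branch runs when the VLAN id differs from ::inbound_vlan.
    # That labels traffic on the configured inbound VLAN as "Outbound" -
    # confirm this is intended before relying on the field in detections.
    if { [string compare $vlanid $::inbound_vlan] } {
        set direction "Inbound"
    } else {
        set direction "Outbound"
    }

    # Record layout: device, flow, time, vlan, protocol, tos, ttl, virtual, direction.
    set log_event "neds.f5.conn.start.v1"
    set log_content "\"$::device_id\","
    append log_content "\"$clientflow\","
    append log_content "$conn_start_time,"
    append log_content "\"[LINK::vlan_id]\","
    append log_content "[IP::protocol],"
    append log_content "[IP::tos],"
    append log_content "[IP::ttl],"
    append log_content "\"[virtual]\","
    append log_content "\"$direction\""
    if { $::doAES } {
        # The event name is tagged so a log consumer can tell the payload is encrypted.
        append log_event ".AES+base64"
        set log_content [b64encode [AES::encrypt $::AESKey $log_content]]
    }

    log local0. \"$log_event\",$log_content
}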

====================================================

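# Log a "connection end" record with packet and byte counters when the client
# side of the connection closes.
#
# The pasted copy had commands run together on one line and `less` pager
# residue in front of the closing brace; the layout is restored and the
# logic and logged strings are unchanged.
when CLIENT_CLOSED {
    # Same timestamp construction as at connection start: whole seconds plus
    # a zero-padded sub-second part, clamped if the counter rolled over.
    set secs [clock seconds]
    set usecs [expr {[clock clicks] - [expr {$secs * 1000000}]}]
    if { $usecs > 1000000 } {
        set usecs "999999"
    } else {
        set usecs [format "%06u" $usecs]
    }
    set conn_end_time $secs.$usecs

    # $clientflow is not set in this handler; it has to exist already for the
    # connection (the CLIENT_ACCEPTED handler on this page sets it).
    set log_event "neds.f5.conn.end.v1"
    set log_content "\"$::device_id\","
    append log_content "\"$clientflow\",$conn_end_time,"
    # Elements 0 and 1 of the packet list, then elements 0 and 1 of the byte list.
    append log_content "[lindex [IP::stats pkts] 0],"
    append log_content "[lindex [IP::stats pkts] 1],"
    append log_content "[lindex [IP::stats bytes] 0],"
    append log_content "[lindex [IP::stats bytes] 1]"
    if { $::doAES } {
        append log_event ".AES+base64"
        set log_content [b64encode [AES::encrypt $::AESKey $log_content]]
    }

    log local0. \"$log_event\",$log_content
}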

================================================

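# Log one record per HTTP request: host, URI, user name and User-Agent.
#
# The pasted copy had most commands run together on single lines and `less`
# pager residue in the middle of the body; the layout is restored and the
# logic and logged strings are unchanged.
when HTTP_REQUEST {
    set secs [clock seconds]
    set usecs [expr {[clock clicks] - [expr {$secs * 1000000}]}]
    if { $usecs > 1000000 } {
        set usecs "999999"
    } else {
        set usecs [format "%06u" $usecs]
    }
    set http_request_time $secs.$usecs

    # Each client-supplied field is truncated first (indices 0..::strlimit
    # inclusive, so one character more than the limit value) and then has
    # every double quote doubled so it cannot end the quoted log field early.
    # NOTE(review): only double quotes are escaped; any other character is
    # logged as received. Confirm how the log consumer treats control
    # characters in these fields.
    set http_host [string range [HTTP::host] 0 $::strlimit]
    set http_host [string map {{"} {""}} $http_host]
    set http_request_uri [string range [HTTP::uri] 0 $::strlimit]
    set http_request_uri [string map {{"} {""}} $http_request_uri]
    set http_username [string range [HTTP::username] 0 $::strlimit]
    set http_username [string map {{"} {""}} $http_username]
    set http_user_agent [string range [HTTP::header User-Agent] 0 $::strlimit]
    set http_user_agent [string map {{"} {""}} $http_user_agent]

    # $clientflow is not set in this handler; it has to exist already for the
    # connection (the CLIENT_ACCEPTED handler on this page sets it).
    set log_event "neds.f5.http.req.v1"
    set log_content "\"$::device_id\","
    append log_content "\"$clientflow\","
    append log_content "$http_request_time,"
    append log_content "[HTTP::request_num],"
    append log_content "\"$http_host\","
    append log_content "\"$http_request_uri\","
    append log_content "\"$http_username\","
    append log_content "\"$http_user_agent\""
    if { $::doAES } {
        append log_event ".AES+base64"
        set log_content [b64encode [AES::encrypt $::AESKey $log_content]]
    }

    log local0. \"$log_event\",$log_content
}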

======================================

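# Log one record per HTTP response: status, content type and length, the
# selected pool member and the server-side flow.
#
# The pasted copy had commands run together on one line, `less` pager residue
# in two places, and one closing brace more than it opens (probably the end
# of an enclosing `ltm rule` stanza whose header is not part of the paste).
# The layout is restored and the extra brace dropped; the logic and logged
# strings are unchanged.
when HTTP_RESPONSE {
    set secs [clock seconds]
    set usecs [expr {[clock clicks] - [expr {$secs * 1000000}]}]
    if { $usecs > 1000000 } {
        set usecs "999999"
    } else {
        set usecs [format "%06u" $usecs]
    }
    set http_reply_time $secs.$usecs

    # NOTE(review): unlike the other string fields, Content-Length is logged
    # without truncation or quote doubling, so the record relies on the
    # server sending a well-formed value.
    set content_length ""
    if { [HTTP::header exists "Content-Length"] } {
        set content_length [HTTP::header "Content-Length"]
    }
    set lb_server "[LB::server addr]:[LB::server port]"
    # NOTE(review): $lb_server always contains at least the ":" separator, so
    # this comparison with the empty string cannot be true and the branch has
    # no effect. Kept as in the original.
    if { [string compare "$lb_server" ""] == 0 } {
        set lb_server ""
    }
    set status_code [HTTP::status]
    set status_code [string map {{"} {""}} $status_code]
    set content_type [HTTP::header "Content-type"]
    set content_type [string map {{"} {""}} $content_type]

    set serverside_client_addr [IP::local_addr]
    set serverside_client_port [TCP::local_port]
    set serverside_server_addr [IP::remote_addr]
    set serverside_server_port [TCP::remote_port]

    # Server-side flow id: local addr:port - remote addr:port.
    set serverflow "$serverside_client_addr:$serverside_client_port"
    append serverflow "-$serverside_server_addr:$serverside_server_port"

    # $clientflow is not set in this handler; it has to exist already for the
    # connection (the CLIENT_ACCEPTED handler on this page sets it).
    set log_event "neds.f5.http.resp.v1"
    set log_content "\"$::device_id\","
    append log_content "\"$clientflow\","
    append log_content "$http_reply_time,"
    append log_content "[HTTP::request_num],"
    append log_content "\"$status_code\","
    append log_content "\"$content_type\","
    append log_content "\"$content_length\","
    append log_content "\"$lb_server\","
    append log_content "\"$serverflow\""
    if { $::doAES } {
        append log_event ".AES+base64"
        set log_content [b64encode [AES::encrypt $::AESKey $log_content]]
    }

    log local0. \"$log_event\",$log_content
}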

===============================================

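# Four rules that were pasted as a single line. The first one lost its
# `ltm rule` header in the paste (only its extra closing brace survived, and
# is dropped here); the other three keep their headers. `less` pager residue
# inside http_500_error is removed. The logic is unchanged.

# For one specific host name, rewrite a request for the site root so that it
# is served from under /owa. `equals` is an exact string comparison on the
# client-supplied Host header.
when HTTP_REQUEST {
    if { [HTTP::host] equals "owa.hhs.gov" } {
        if { [HTTP::uri] equals "/" } {
            # The URI is known to be "/" here, so the result is "/owa/".
            HTTP::uri /owa[HTTP::uri]
        }
    }
}

ltm rule exchange_persist {
    # Choose the persistence method from the client-supplied User-Agent.
    when HTTP_REQUEST {
        if { [HTTP::header "User-Agent"] contains "MSRPC" } {
            # NOTE(review): the whole Authorization header value is used as
            # the persistence key and kept for 3600 seconds. That value
            # carries the client's credentials, so anything that can list
            # persistence records can read it. Consider keying on a digest
            # of the header instead - confirm against the deployment guide.
            persist uie [HTTP::header "Authorization"] 3600
        } else {
            persist cookie
        }
    }
}

ltm rule exchange_redirect {
    # Redirect every request to the HTTPS OWA path on the same host name.
    when HTTP_REQUEST {
        # NOTE(review): the redirect target is built from the client-supplied
        # Host header, so the response points wherever that header says.
        # A fixed host name avoids depending on request data.
        HTTP::redirect https://[HTTP::host]/owa/
    }
}

ltm rule http_500_error {
    # Mark the responding pool member down on any 5xx status.
    when HTTP_RESPONSE {
        # NOTE(review): one 5xx response is enough to trigger this, including
        # one provoked by a single bad request, so members can drop out of
        # rotation until something marks them up again. Confirm that a health
        # monitor is attached and that this is the intended failure policy.
        if { [HTTP::status] >= 500 } {
            LB::down
        }
    }
}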

==================================================

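# Remember the client-side endpoints of the connection for later logging.
#
# The pasted copy had both `set` commands on one line, which Tcl reads as a
# single `set` with too many arguments; they are put back on separate lines.
when CLIENT_ACCEPTED {
    # Remote address and port as seen on the client side of the proxy.
    set ext_src [IP::remote_addr]:[TCP::remote_port]
    # Local address and port the client connected to.
    set ext_dst [IP::local_addr]:[TCP::local_port]
}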

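# Log the full path of the connection once the server side is established:
# client source -> client destination -> server-side source -> server-side
# destination.
#
# The pasted copy had all commands on one line and one closing brace more
# than it opens (probably the end of an enclosing `ltm rule` stanza whose
# header is not part of the paste); the layout is restored and the extra
# brace dropped.
when SERVER_CONNECTED {
    # Local address and port used towards the server.
    set int_src [IP::local_addr]:[TCP::local_port]
    # Server address and port the proxy connected to.
    set int_dst [IP::remote_addr]:[TCP::remote_port]
    # $ext_src and $ext_dst are not set in this handler; they have to exist
    # already for the connection (the CLIENT_ACCEPTED handler of this rule
    # sets them). This writes one log line per server-side connection.
    log local0. "$ext_src->$ext_dst->$int_src->$int_dst"
}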