iRule to forward https://x.x.com/backdoor to a specific node (requests ending with /backdoor only).
Hello mates,
I am literally new with the iRules in F5. I have red few similar questions and I had a look of provided iRules by that community, but honestly.. I am totally lost in codding and I am not sure that I can produce the iRule exactly needed to me, just looking at 5 other similar iRules.
What we have:
VIP operating on 443 (lets call it VS_test) Pool assigned to it (called pool_test) having two members 1.1.1.1 and 1.1.1.2 on port 9002.
The URL they are accessing is https://test.dimov.com/backdoor
So, when they access https://test.dimov.com/backdoor (with that /backdoor at the end) traffic should go to node 1.1.1.1 only. For the other traffic there might be two options (this is still not clarified).
1 All other traffic to go to ndoe 1.1.1.2 or 2 to be load balanced between both.
But requests including /backdoor at the end should go to 1.1.1.1 only!
We don't have any SSL Profile (client) or (server) so according to my understanding we don't really terminate the SSL on the F5. VIP is on 443 -> no SSL profiles -> nodes listening on 9002 -> I conclude that there is no offloading, but it is only assumption.
So possible iRules:
1 -> /backdoor hits 1.1.1.1, all other traffic is load balanced between both 2 -> /backdoor hits 1.1.1.1, all other traffic hits 1.1.1.2 3 -> /backdoor hits 1.1.1.1, all other traffic is load balanced between both 4 -> /backdoor hits 1.1.1.1, all other traffic hits 1.1.1.2 1
when HTTP_REQUEST {; if { [HTTP::uri] ends_with "/backdoor" } { node 1.1.1.1 9002 } else { pool pool_test } }
2
when HTTP_REQUEST {; if { [HTTP::uri] ends_with "/backdoor" } { node 1.1.1.1 9002 } else { node 1.1.1.2 9002 } }
3
when HTTP_REQUEST { switch -gob [string tolower [HTTP::uri]] { "/backdoor" { node 1.1.1.1 9002 } default { pool pool_test } } }
4
when HTTP_REQUEST { switch -gob [string tolower [HTTP::uri]] { "/backdoor" { node 1.1.1.1 9002 } default { node 1.1.1. 9002 } } }
Are those iRules even close to the "reality"? Also if I am right that we dont terminate the SSL on the F5 (because we dont have applied any SSL profile to client side, will it work? Or we should put a certificate so it will terminate the session?)
Cheers,
Best regards, Latcho