Extremely frustrating - traffic isn't processed by iRule

Hi Antony,

Your Irule seems to be correct:

can you enable oneconnec in your VS, it will help you.

https://devcentral.f5.com/s/articles/oneconnect-for-my-irule

"The HTTP client is opening a Keep-Alive connection and sending multiple requests on the same connection. Since LTM, by default, load balances CONNECTIONS (not REQUESTS), it is treating this connection like any other TCP connection -- directly proxying each client connection to a single server socket, and maintaining this one-to-one relationship between client and server for the life of the client connection."

Last point, if you want to avoid using oneconnect. you can built your policy using "LTM Policy" the LTM Policy manage by request so each request is processed and oneconnec is not usefull in this use case.

Keep me in touch if this solution resolve your problem.

regards

Can you attach your iRule in a code snippet so we can see what's going on? Please scrub the data for any sensitive info. Persistence shouldn't play a factor in URL blocking unless there's a condition for it.

You may be missing some logic in your Irule, which is why its bypassing them.

Tell your requirement on what you need to achieve and share your rule here. We'll provide our inputs.

when HTTP_REQUEST {
	###############################################
	#       M E S S A G E   T I M E/D A T E       #
	###############################################
	# GMT times/dates for maintenance message set in site-notifcation-times datagroup
        set outage_start_time [class search -value site-notification-times equals outage_start_time]
        set outage_start_date [class search -value site-notification-times equals outage_start_date]
        set outage_end_time [class search -value site-notification-times equals outage_end_time]
        set outage_end_date [class search -value site-notification-times equals outage_end_date]
        
        set outage_start_date_full "$outage_start_date $outage_start_time"
        set outage_end_date_full "$outage_end_date $outage_end_time"
        
        set startseconds [clock scan $outage_start_date_full]
        set endseconds [clock scan $outage_end_date_full]
 
	set now [clock seconds]
	set timenow [split [clock format [clock seconds] -format {%H%M} ] " " ]
	#log local0. "now = $now | timenow = $timenow"
	# Set values to pass to outage page
	set end [clock scan $outage_end_date_full]
	set day [clock format $end -format {%A}]
	set time [clock format $end -format {%R}]
	set time_zone [class search -value site-notification-times equals time_zone]
#	log local0. "end = $end | day = $day | time = $time | time_zone = $time_zone"
	# Check if the current time is before the start and end time
	if { $now > $startseconds and $now < $endseconds } {
	    #log local0. "Site is down - only allowed URLs should work"
	# If between start and end times/dates enter site_down function.
	# Conditions for page display
	        if { [HTTP::path] equals "/CheckSessionCookie/ServiceNotificationSiteDownGLP.htm" or 
        	     [HTTP::path] equals "/cms/css/core-darwin.css" or
	             [HTTP::path] equals "/cms/csjs/libs/modernizr-1.7.min.js" or
	             [HTTP::path] equals "/csjs/predictiveText.js" } {
		     log local0. "Allow request for: [HTTP::path]"
		} else {
		     log local0. "Sending request for: [HTTP::path] to Site Down page"
		     #HTTP::respond 302 Location https://[HTTP::host]/CheckSessionCookie/ServiceNotificationSiteDownGLP.htm?day=$day&time=$time&zone=$time_zone
		     HTTP::redirect "https://[HTTP::host]/CheckSessionCookie/ServiceNotificationSiteDownGLP.htm?day=$day&time=$time&zone=$time_zone"
		     event disable all
		}
	} else {
		log local0. "Site isn't down right now"
	}
}

Here is the code. So the idea is that if its not the page or a resource from the outage page them I expect it to be redirected to the outage page. Seemingly very simple. We run cookie persistence on the VS. The default pool is a set of apache webservers.

You are doing an event disable all in the event of redirecting due to the site being down, assuming you are using this to prevent other iRules from triggering once against that request.

This could be an issue as all future HTTP request from the same connection will not be processed by any iRules as not events will be triggered.

Configure the following LTM traffic policy and assign to the Virtual Server to ensure all events are enabled for each HTTP request hitting the Virtual Server even if from the same TCP connection:

ltm policy /Common/tcl_event_enable_all {
    requires { tcp http }
    rules {
        enable_all {
            actions {
                0 {
                    tcl
                    set-variable
                    expression "tcl:[event enable all]"
                    name eventEnableAll
                }
            }
            ordinal 1
        }
    }
    strategy /Common/first-match
}

We run oneconnect on our virtual servers and all else seems to work fine. Ideally I'm trying to avoid reconfiguring the VS as much as possible. I'm looking into presenting the page from F5 which in essence seems like a much simpler solution, however presents its own set of queries which I'll raise in another thread. If that proves to be restrictive then I'll look further down this route you've presented here.

Many thanks all.