Forum Discussion

MW1's avatar
MW1
Icon for Cirrus rankCirrus
Jul 02, 2010

Is this feasible - match uri value from local value in file?

All,

 

my company has asked me if it is possible to match a URI in a request from a value in a local file, if the value matches the F5 would then insert a encrypted cookie with the client IP (following the Cookie LoJack on the site) before allowing the user to access the backend server where they can log in. They hope to provide a new value to the users & the F5 approx every 20-30 minutes, as the users are out on the internet I'm presuming I will need to support 2 values due to the possible differences in timing between the F5 receiving the new URI string and the users. Does this sound feasible?

 

 

regards

 

W60

 

 

 

application delivery
dev
devops
iRules

2 Replies

Sort By
  • Chris_Miller's avatar
    Chris_Miller
    Icon for Altostratus rankAltostratus
    Jul 03, 2010
    When you say "local file" - do you mean local to the F5? It sounds like you might be able to use datagroups for this.

    http://devcentral.f5.com/wiki/default.aspx/iRules/matchclass.html

    You'll want to do the following:

    Create a "string" type datagroup with a string of the value you mentioned. Let's call it "test"

    Now, you'll create an iRule like the one below: 

    when HTTP_REQUEST {

     if { [matchclass [HTTP::uri] eq $::test] } {
HTTP::cookie insert name "x" value "[IP::client_addr]" } }

    That's obviously not encrypted - but you get the idea.

    As far as the "value changing" goes - you might simply have two different strings in your datagroup - those are very scalable and easy to manage.
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jul 04, 2010
    As Chris suggested, you could use a datagroup to store the values you want to check the URI against. You'd probably want to set a variable in the request tracking whether to insert a cookie in the response this could be based on the URI and/or whether the request contains a valid cookie. You could then check that variable in HTTP_RESPONSE and use HTTP::cookie insert and HTTP::cookie encrypt to set an encrypted cookie. See the HTTP::cookie wiki page for details:

     

     

    http://devcentral.f5.com/wiki/default.aspx/iRules/http__cookie

     

     

    Aaron