Forum Discussion
hooleylist
Sep 08, 2011Cirrostratus
There isn't much you could save by trying to combine the iRules or share variables across them. However, you can optimize both rules separately:
logging iRule
when CLIENT_ACCEPTED {
set hsl [HSL::open -proto UDP -pool pool_syslog_514]
}
when HTTP_REQUEST {
Save the request components we want to log in the response
set log_string <190> src_ip=[IP::client_addr], dest_vip=[HTTP::host],http_method=[HTTP::method],\
http_uri=[HTTP::uri], http_version=HTTP/[HTTP::version]"
}
when HTTP_RESPONSE {
HSL::send $hsl "$log_string, return_code=[HTTP::status]"
}
Pool selection iRule
when HTTP_REQUEST {
switch -glob [HTTP::path] {
"/123/help*" {
poolserverpool01_8080
persist none
}
"/123/petsemail*" {
poolserverpool02_8080
persist none
}
"/123/profileeditor*" {
poolserverpool03_8080
persist none
}
"/123/activitystream*" {
poolserverpool04_8080
persist none
}
"/123/core*" {
poolserverpool05_8080
persist none
}
"/123/*" {
poolserverpool06_8080
persist none
}
"/admin*" {
if { [IP::addr [IP::client_addr] equals 10.1.1.1] or \
[IP::addr [IP::client_addr] equals 10.50.1.1 or \
[IP::addr [IP::client_addr] equals 10.100.1.1 } {
poolpool_qlaxorin_8080
} else {
HTTP::respond 404 content { 404 Not Found }
}
}
default {
HTTP::respond 404 content { 404 Not Found }
}
}
}
I haven't tested the iRules, but hopefully they give you an idea of how you can make these more efficient.
Also, you could add the hosts/networks you want to allow access to the /admin URIs from to an address type datagroup and then use the class command to do the lookup.
Aaron