Forum Discussion
Bob_Olson_10988
Nov 20, 2007
Nimbostratus
FYI, after some more testing this iRule seems to do the trick.
# Tibco iRule v1.3 - 11/19/2007
# This iRule will search for a string in the payload of an HTTP request and make a decision
# on which pool to send the request to and optionally log to /var/log/ltm. It will also
# verify that the client connecting is a trusted IP address.
when HTTP_REQUEST {
    # After the client connects, inspect the payload and look for MULTICARD_AUTH.
    # (The condition was cut off in the post; the search string used here is the one
    # named in this comment and in the log message below.)
    if { [findstr [HTTP::payload] "MULTICARD_AUTH"] ne "" } {
        # If the string is found then send a log stating that and send it to pool with Tibco servers in it.
        log local0. "MULTICARD_AUTH Found sending request to TIBCO Pool, server [LB::server addr]."
        pool soaq-ccauth
    # If the string isn't found then we direct them to a pool of nothing but Webmethods servers in it.
    } else {
        log local0. "String not found sending to Webmethods only pool."
        pool wbomxrealq_5080
    }
    # Once the load balancer makes a decision to send the request to a pool member, we check
    # to see if the pool member is a Tibco server. If the member is a Tibco server then we
    # check to see if the client is in the allowed hosts datagroup. If the client doesn't exist,
    # then the connection is dropped.
}
when LB_SELECTED {
    # Get node address and check it against the tibco_servers class.
    # Get client IP address and check it against the tibco_datagroup class.
    # If the client IP isn't in the class the connection gets dropped and logged.
    if { [matchclass [LB::server addr] equals $::tibco_servers ] and
         not ([matchclass [IP::client_addr] equals $::tibco_datagroup]) } {
        drop
        log local0. "Client, [IP::client_addr], not authorized to connect to Tibco server [LB::server addr]."
    } else {
        # Log which member/node in the pool the client was sent to.
        log local0. "Sent request from [IP::client_addr] to server [LB::server addr]"
    }
}
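
The iRule above reads HTTP::payload directly in HTTP_REQUEST, an event that fires once the request headers are parsed, so the body may not be buffered yet. The following is an added example, not part of the original post, that collects the body with HTTP::collect and searches it in HTTP_REQUEST_DATA while keeping the same allowlist check; pool and class names are the post's, and the 1 MB cap (max_collect) is an assumed value.

```tcl
# Added example, not the original poster's code.
# Assumption: 1 MB is an acceptable upper bound on how much body to buffer.
when HTTP_REQUEST {
    # Requests with no body to inspect (or no Content-Length, e.g. chunked)
    # stay on the Webmethods-only pool.
    pool wbomxrealq_5080
    set max_collect 1048576
    if { [HTTP::header exists "Content-Length"] } {
        set len [HTTP::header "Content-Length"]
        if { $len > $max_collect } { set len $max_collect }
        if { $len > 0 } {
            # Buffer the body; HTTP_REQUEST_DATA fires once $len bytes have arrived.
            HTTP::collect $len
        }
    }
}

when HTTP_REQUEST_DATA {
    # findstr returns the payload from the match onward, or an empty string if absent.
    if { [findstr [HTTP::payload] "MULTICARD_AUTH"] ne "" } {
        log local0. "MULTICARD_AUTH found, sending request to TIBCO pool."
        pool soaq-ccauth
    } else {
        log local0. "String not found, sending to Webmethods only pool."
        pool wbomxrealq_5080
    }
}

when LB_SELECTED {
    # Enforce the client allowlist only when the selected member is a Tibco server.
    if { [matchclass [LB::server addr] equals $::tibco_servers] and
         not ([matchclass [IP::client_addr] equals $::tibco_datagroup]) } {
        log local0. "Client [IP::client_addr] not authorized for Tibco server [LB::server addr]."
        drop
    } else {
        log local0. "Sent request from [IP::client_addr] to server [LB::server addr]"
    }
}
```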