Chris_Miller
Sep 17, 2010 | Altostratus
I've heard SSL is a bad persistence strategy because of the constant re-negotiations...
Here are some good reads:
http://devcentral-sea.f5.com/Forums/tabid/1082223/asg/50/showtab/groupforums/aff/5/aft/5702/afv/topic/Default.aspx
http://www.f5.com/solutions/applications/microsoft/windows-terminal-server/
http://devcentral.f5.com/Forums/tabid/1082223/asg/50/showtab/groupforums/aff/5/aft/32250/afv/topic/Default.aspx32284
Here's a rule Jason did:
    when CLIENT_ACCEPTED {
        # Start collecting the client's first payload
        TCP::collect
    }
    when CLIENT_DATA {
        TCP::collect 25
        # Skip the first 11 bytes and read the rest of the payload as a string
        binary scan [TCP::payload] x11a* msrdp
        if { [string equal -nocase -length 12 $msrdp "cookie: msts"] } {
            set msrdp [string range $msrdp 12 end]
            set len [string first "\n" $msrdp]
            if { $len == -1 } {
                # Didn't get whole cookie, collect more
                TCP::collect
                return
            }
            if { $msrdp starts_with "hash=" } {
                # No session directory - username used instead
                if { $len > 5 } {
                    incr len -1
                    set record [string tolower [string range $msrdp 5 $len] ]
                    log "adding persistence record - $record"
                    # adjust your timeout (in seconds)
                    persist uie $record 1801
                } else {
                    log "No username - not persisting"
                }
            }
        } else {
            log "Cookie not found"
        }
        TCP::release
    }
And John's rule in the last link:
    when CLIENT_ACCEPTED {
        # Start collecting the client's first payload
        TCP::collect
    }
    when CLIENT_DATA {
        TCP::collect 25
        # Skip the first 11 bytes and read the rest of the payload as a string
        binary scan [TCP::payload] x11a* msrdp
        log local0. "Contents after binary scan: $msrdp"
        if { [string equal -nocase -length 17 $msrdp "cookie: mstshash="] } {
            set msrdp [string range $msrdp 17 end]
            set len [string first "\n" $msrdp]
            if { $len == -1 } {
                # Cookie line not complete yet, collect more
                TCP::collect
                return
            }
            # Strip the domain part from user@domain or domain\user
            if { $msrdp contains "@" } {
                log local0. "Setting data to: [getfield $msrdp "@" 1]"
                set username [getfield $msrdp "@" 1]
            } elseif { $msrdp contains "\\" } {
                log local0. "Setting data to: [getfield $msrdp "\\" 3]"
                set username [getfield $msrdp "\\" 3]
            } else {
                set username $msrdp
                log local0. "Setting data to: $msrdp"
            }
            # Normalise case and whitespace so the same user maps to one record
            set finalusername [string tolower $username]
            set finalusername [string trim $finalusername]
            log local0. "User Being Persisted is: |$finalusername|"
            persist uie $finalusername 10800
        }
        TCP::release
    }
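
Added example (not part of the original post and not F5 code): an offline Python harness for checking which persistence key a given RDP connection request would produce, so the normalisation can be tested before an iRule goes on a virtual server. It goes slightly beyond the rules above by using the TPKT length field to decide when the request is complete and by rejecting over-long or non-printable values, since the cookie is client-supplied and ends up in logs and the persistence table. The function names, the 64-character limit and the sample requests are assumptions made for this example.

```python
import struct

HEADER_LEN = 11                 # 4-byte TPKT + 7-byte X.224 CR: the bytes "x11" skips
PREFIX = b"cookie: mstshash="
MAX_USER_LEN = 64               # assumed limit for this example, tune for your site

class NeedMoreData(Exception):
    """Request not fully received; the iRules call TCP::collect again here."""

def persistence_key(payload: bytes):
    """Return the lower-cased user name to persist on, or None to skip persistence."""
    if len(payload) < 4:
        raise NeedMoreData
    version, _reserved, total = struct.unpack(">BBH", payload[:4])
    if version != 3:            # not a TPKT header, so not an RDP connection request
        return None
    if len(payload) < total:
        raise NeedMoreData
    body = payload[HEADER_LEN:total]
    if body[:len(PREFIX)].lower() != PREFIX:
        return None             # no routing cookie present
    value = body[len(PREFIX):]
    end = value.find(b"\r\n")
    if end == -1:
        return None             # complete PDU but unterminated cookie: malformed
    user = value[:end].decode("ascii", "replace").strip()
    if "@" in user:             # user@domain
        user = user.split("@", 1)[0]
    elif "\\" in user:          # DOMAIN\user
        user = user.rsplit("\\", 1)[1]
    user = user.strip().lower()
    # Client-controlled value: bound it before it reaches logs or the persist table
    if not user or len(user) > MAX_USER_LEN or not user.isprintable():
        return None
    return user

def build_request(cookie_value: str) -> bytes:
    """Constructed sample request: TPKT header + X.224 CR + routing cookie."""
    cookie = b"Cookie: mstshash=" + cookie_value.encode("ascii") + b"\r\n"
    x224 = struct.pack(">BBHHB", 6 + len(cookie), 0xE0, 0, 0, 0)
    tpkt = struct.pack(">BBH", 3, 0, 4 + len(x224) + len(cookie))
    return tpkt + x224 + cookie

if __name__ == "__main__":
    for sample in ("CORP\\Alice", "Bob@example.test", "carol"):
        print(sample, "->", persistence_key(build_request(sample)))
```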