Forum Discussion
JamesSevedge_23
Feb 23, 2016Historic F5 Account
Based on your question it seems like you are trying to receive requests from users at site.com/login and if it gets load balanced to server 1 changed the uri to be site.com/one, and site.com/two for server 2 etc.. Is that correct? How come each server can't have /login as the URI? Or at least one uri the same for all servers such as "/internallogin"? If that is the case the below iRule should work for simple redirection.
when HTTP_REQUEST {
if {[HTTP::uri] contains "/login"} {
HTTP::uri /internallogin
pool /Common/poolname
}
}
- JamesSevedge_23Feb 23, 2016Historic F5 AccountAlthough you could try something like the iRule below to accomplish the URI rewrite. For HTTP_RESPONSE you may need to rewrite it back to /login though using "when HTTP_RESPONSE". when HTTP_REQUEST_SEND { clientside { switch [LB::server addr] { "1.1.1.1" { HTTP::uri /one } "1.1.1.2" { HTTP::uri /two } "1.1.1.3" { HTTP::uri /three } } } }
- sysop_182859Feb 23, 2016NimbostratusI wish the backend servers would function like every other web server I've seen! The issue with that code though is the user will always come in with /login and would always be changed to /internallogin before a load balanced decision is made. In that case a user would always be sent to a particular pool with, at least from what I'm thinking, wouldn't change. Unless there was some sort of loop or check to see if a cookie is present maybe. I figured it would be easier to change the uri destined to the server after LTM has already made a decision, then depending on the server it chose use the appropriate uri. Additionally, if possible I'd like for the user to not see what is happening behind the scenes. It isn't really a security concern necessarily, but I think it would be cleaner if they didn't see the change. What you state initially is exactly what I'm looking for.
- JamesSevedge_23Feb 23, 2016Historic F5 AccountI would suggest the iRule I mentioned in my follow up comment then to rewrite the request based on lb decision made. I copied it again below. Just keep in mind you will need to rewrite the reponse coming back to fulfill your requirement that the user always think it is /login. The way to rewrite that would be to use the "when HTTP_RESPONSE" and then run the HTTP::uri command and change it back to /login if the response uri equals /one, /two or /three.
 
Referencing this... https://clouddocs.f5.com/api/irules/LB__server.html 
 
when HTTP_REQUEST_SEND { clientside { switch [LB::server addr] { "1.1.1.1" { HTTP::uri /one } "1.1.1.2" { HTTP::uri /two } "1.1.1.3" { HTTP::uri /three } } } } - sysop_182859Feb 23, 2016NimbostratusAhh, yes that's basically what I just put in so I'm on the right track at least haha. Now I'm just running into errors with the response part. I put: when HTTP_RESPONSE { if { ([HTTP::uri] ends_with "/one") } { HTTP::uri /login elseif {([HTTP::uri] ends_with "/two")} HTTP::uri /login elseif {([HTTP::uri] ends_with "/three")} HTTP::uri /login }
- sysop_182859Feb 23, 2016NimbostratusIt says command is not valid in current event context (HTTP_RESPONSE)][HTTP::uri]. Looking that up now.
- JamesSevedge_23Feb 23, 2016Historic F5 AccountActually, I just had to double check and unfortunately the HTTP::uri cannot be used in the context of HTTP_RESPONSE as it is an HTTP protocol limitation, not F5's unfortunately. https://devcentral.f5.com/s/feed/0D51T00006i7SAqSAM
- JamesSevedge_23Feb 23, 2016Historic F5 AccountCorrect, it cannot be modified in http response. I would suggest traffic testing with just the http request piece of it and see the results you get and then determine what needs to be rewritten in the response to get to your desired result.
- sysop_182859Feb 23, 2016NimbostratusGotcha. Ok, trying without that however still doesn't bring me to the expected page, or any web page for that matter. I was trying to tail /var/log/ltm as well with most the LTM settings to debug, but I'm not seeing much. I suppose logging must be written into the irule first. Interestingly it doesn't bring up anything at all. I would expect at least a 404 from the server.
- sysop_182859Feb 23, 2016NimbostratusNo, wait that part was my fault. I'm getting a response now. Ok, getting closer!!
- sysop_182859Feb 23, 2016NimbostratusSo it seems to not want to change the uri... HTTP::uri /one log local0. "[HTTP::uri]" The logging output still shows /login as the uri, and the server does not see /one heading in it's direction. The logic here seems clear though, when sending a request from the F5 change the uri to blah. Headscratcher....