iRule hostname

Question

I have a question and am fairly new to irules. I have a web application using a one armed configuration. This was setup when I took the environment over and kind of am stuck with it. The developers just added a link on all three webservers. When clicked, it goes out to the internet, around the F5 (this is a one armed config) and makes a request to a server offsite via HTTPS. The offsite server then, sends a request via HTTPS into a proxy in our DMZ. The proxy then makes an HTTP call to the bigip. My guess is, the Bigip will treat this like a new connection and send it to the next host in the load balancing pool. The connection will probably fail due to knowing nothing about an existing connection. Would it be possible to write an irule to look at the original hostname of the server behind the bigip and and send it to a specific pool member? Or any other key information IP address?

chris_miller · Answer

You can enable "loose-open" and "loose-close" on your protocol profile to allow the connection, and the iRule could certainly be created to point certain hostnames to certain pool members.

jason_l_40779 · Answer

thanks chris.  So basically a FastL4 profile with open loose and open close with the irule. &nbsp;

chris_miller · Answer

If I recall, doing FastL4 keeps you from using L7 iRules. I'd give this a shot using a standard VS because I want to see whether that proxy does a 3-way handshake to the BIG-IP before making the HTTP call or not...you might not have to do loose-open or loose-close.

jason_l_40779 · Answer

Yes, correct. I cannot do an HTTP profile and look at HTTP packet with a FastL4. I'm thinking of using a standard port 80 with no pool associated with it. All load balancing decisions would be made by the irule looking for a certain source hostname. The Bigip is basically just going to direct that taffic to a webserver. Hopefully when it gets to the correct webserver, it will know what to do with this. This is a pretty crummy App that cannot even use an HTTP cookie correctly. I had to switch to a source address persistence profile last spring. Now it's just figuring out how to code the Irule. Of course they want this in production by wendesday morning with no test environment..

chris_miller · Answer

the iRule is pretty simple...just depends on how many host names and how many pool names you have.

when HTTP_REQUEST {
if { [string tolower [HTTP::host]] contains "x" } {
pool x member 1.1.1.1 80 } 
else { pool x member 1.1.1.2 80 } 
}

Just replace contains x and your pool name/member with what you're trying to send. 
  
 http://devcentral.f5.com/wiki/default.aspx/iRules/pool.html has some good detail on the pool command.

Forum Discussion

iRule hostname

6 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Rewrite HTTP Redirect Hostname

Redirect single URL (hostname) only.

hostname redirect for public IPs only

Irule Vs rewrite - FQDN hostname

Changing vcmp guest hostname?