using two irules in VS

Question

So we currently have a single large irule on a website. Website will be down for maintenance over the weekend. Need a Sorry maint page redirect for external clients but normal processing for internal testing. So if I add the 1st iRule to the VS to redirect external traffic, the internal traffic not be affected by 1st irule and would continue with 2nd normal irule, correct? In other words, traffic hits 1st if IP is external you get redirect, if IP is internal 1st iRule skips and 2nd iRule is applied....see below.
!&nbsp;
1st iRule
!
when HTTP_REQUEST { 
   if { [IP::addr [IP::client_addr] equals 10.0.0.0/8] } {
       nothing to do, bypass and process 2nd iRule
   } else {
      HTTP::redirect "https://www.mysite.com/Portals/0/Documents/Learn/LPCFAQs 
      /mocket.png?ver=2016-06-06-090820-970&amp;timestamp=14655037dr5494"
 }
}&nbsp;
!=======
! 2nd iRule
!
when HTTP_REQUEST {
     if {[string tolower [HTTP::host]] eq "mysite.com" } {
        HTTP::redirect "https://www.mysite.com[HTTP::uri]"
     }
      elseif { ([string tolower [HTTP::host]]) contains "mysite.com" } {
          switch -glob -- [string tolower [HTTP::uri]] {
          "payment3" -
          "*paymentpakc" {
              pool PayPool_1 
          }
          "/hotcat" {
           HTTP::redirect "https://paynets.my2site.com/fnFProvider/fnFProvider.asp?
           app=HCEnrollment&amp;wanted=BESTONFIRM&amp;BeneforYear=2011&amp;BenefitType=N"
          }
          "/autodiscover/autodiscover.xml" {
            HTTP::redirect "https://optoutcover.my3site.com/AutoDiscover/AutoDiscover.xm
          !
          ! truncated&nbsp;

hannes_rapp · Answer

Add event disable function to your 1st iRule, after the redirect statement. This will make sure you won't trigger tcl errors of type "multiple redirect/response invocation" when a customer outside 10.0.0.0/8 network requests your website without the preceding 'www.' during maintenance. Any time this tcl error is triggered, a customer will get a "Connection has been reset" error instead of seeing the maintenance page.
Also, rather than using HTTP::redirect, it's better to use HTTP::respond with a Connection=Close header to ensure customer will tear down the existing TCP connection. If a long-lived session prevails, customer may still get the maintenance page upon page refresh even after you have removed the 1st iRule from the VS.
I'd use the following markup myself: ('event disable' function is mandatory, any other amendments are optional recommendations)
priority 499
when HTTP_REQUEST {
  if { not ([IP::addr [IP::client_addr] equals 10.0.0.0/8]) } {
    HTTP::respond 302 Location "https://www.mysite.com/Portals/0/Documents/Learn/LPCFAQs/mocket.png?ver=2016-06-06-090820-970&amp;timestamp=14655037dr5494" Connection Close
    event disable
  }
}

noahshelton_237 · Answer

If you are stacking two irules that use duplicate event type on the same connection (in this case when HTTP_REQUEST) you can use the 'priority' parameter to adjust which one is executed on a connection first.¬†
Good break down here : https://devcentral.f5.com/s/articles/stacking-irules-a-modular-approach¬†

vijay_e · Answer

I wish the formatting was better. You can stack iRules but from an operational perspective, it can get ugly quickly. Normally, stick with a single iRule per VS if possible as it is way more easier to troubleshoot and manage.

Forum Discussion

using two irules in VS

3 Replies

Recent Discussions

Advise on setting up IRULE

google autenticator broken barcode

Port Group on F5OS network setting

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Unwinding the Benefits of Investing in White Label Crypto Wallet

Related Content

iRules Heat Map - US Only

Assistance with iRule using port ranges

use irule to sign data using sha256

Use iRule to control choosing which SSL certificate to use based on SNI

Rate limiting GraphQL API query using iRule and Advanced WAF Violation