Forum Discussion

Kevin_Davies_40's avatar
Kevin_Davies_40
Icon for Nacreous rankNacreous
Apr 08, 2017

New launch inside existing connection

The following pseudo code of an actual iRule is designed to set a cookie with address of the backend service. Once set it then serves them the service through the virtual server.

 

if uri path is /select
  lookup node address in class using query parameters
  set cookie with encoded value as a redirect to "/"
  exit now
end

if cookie detected
  decode cookie
    decrypt cookie
      select node address
      [disable this event]
else
  reject traffic
end

Originally it would only run once as the event was disabled after the node service was selected for load balancing. Since you can only load balance per connection this is ideal. On further testing it was discovered if a person then selected a different service using /select in the same browser window it would not detect this as the event was disabled.

 

When we removed the event disable this fixed the problem. However it's now decrypting the cookie for every HTTP request when we really only want it to decrypt a cookie for a new request. So my question is how to achieve this. I can set a variable however that relies on the redirected page request coming through through the same TCP connection and I can't guarantee this.

 

application delivery
iRules

2 Replies

Sort By
  • Kai_Wilke's avatar
    Kai_Wilke
    Icon for MVP rankMVP
    Apr 09, 2017

    Hi Kevin,

    You may take a look to the iRule below.

    The iRule uses an extended control structure to detect if the previous HTTP request on the same connection had used the same HTTP cookie value. If the cookie value is the same, the cookie decodings/decryptions/node selections can be savely skiped to reduce CPU overhead. 

    when CLIENT_ACCEPTED {
    set last_cookie ""
}
when HTTP_REQUEST {
    if { [HTTP::path] eq "/select" } then {
         Compute cookie
         Redirect while injecting cookie
    } else {
        if { $last_cookie eq "X[HTTP::cookie value "MyCookie"]" } then {
             Skip cookie parsings and node selection
        } elseif { [HTTP::cookie value "MyCookie"] ne "" } then {
             Decode Cookie
             Decrypt Cookie
            if { $decrypted_cookie ne "" } then {
                 Select Node
                set last_cookie "X[HTTP::cookie value "MyCookie"]"
                 Note: Dont remove the X. Its not a typo, but very important! :-)
            } else {
                reject
            }   
        } else {
            reject
        }
    }
}

    Cheers, Kai