Forum Discussion

Adrian_Daminato's avatar
Adrian_Daminato
Icon for Nimbostratus rankNimbostratus
Sep 27, 2017

Logic order for profile vs policy vs iRule

We're looking at how some of our legacy iRules can be converted to LTM Policies, as well as trying to optimize some of our work flows. We discovered that our public API traffic has about 10-15% of OPTIONS method calls, and wanted to see if we could bypass our compression profile.

Our current VS looks as follows, on our staging environment

ltm virtual /Common/api-staging-443 {
destination /Common/10.1.1.100:443
ip-protocol tcp
mask 255.255.255.255
persist {
    /Common/src_addr_stream {
        default yes
    }
}
policies {
    /Common/add-x-remote-addr { }
}
pool /Common/api-staging-1234
profiles {
    /Common/wan-optimized-compression
    /Common/api-staging-client-ssl {
        context clientside
    }
    /Common/http { }
}
rules {
    /Common/api-connection-ratelimit
}
source 0.0.0.0/0
translate-address enabled
translate-port enabled
}

The policy we are looking to add is as follows:

ltm policy /Common/Drafts/test-options-response {
controls { compression }
last-modified 2017-09-27:14:01:29
requires { http }
rules {
    test-options-response-disable-compression {
        actions {
            0 {
                compress
                response
                disable
            }
        }
        conditions {
            0 {
                http-method
                values { OPTIONS }
            }
        }
    }
}
strategy /Common/first-match
}

The question we have is will this bypass the logic applied by the compression profile (which will look for content-length > 1024), since we know OPTIONS requests will always have a content-length of zero? Or does the TMM already have this short-circuit logic built into the proxy chain?

1 Reply

  • Hi,

     

    Trying to change compression on a options method is useless.

     

    Compression only applies to content, not to headers.

     

    Options method doesn’t expect any content, so there is no compression applied.

     

    To reply to the title:

     

    • virtual server is configured with profiles. If no policy or irule change it, the profile is applied to vs.
    • if both policy and irule are enabled on the vs and condition share the same event, policy is evaluated first.
    • all irules assigned on a vs are evaluated even if a policy rule matches before on the same event.