Forum Discussion

Gauthier_FRIDIE's avatar
Gauthier_FRIDIE
Icon for Nimbostratus rankNimbostratus
May 01, 2019
Solved

Policy action getting overwrote by irule

Hello Everyone,

I'm currently using irule to publish application (filtering by URL). At the end of the irule I have a redirect by default.

 

when HTTP_REQUEST {set path [string tolower [HTTP::path]]
   switch -glob [string tolower [HTTP::host]] {

     "example.com" 
    {
         pool example-com-pool
    }

    default {
        HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" 
    }
}

 

I'm having an issue migrating from irule to ltm policies. I have this rule.

My policy rule is matching (Thanks to the log action).

But the forward traffic action is not working. I'm redirected to https by the default condition of the irule.

So it looks like the irule is overwroting what my policy is doing.

Anyone encountered this issue ?

Thanks!

application delivery
irule
iRules
LTM
ltm policy
  • Gauthier_FRIDIE's avatar
    Gauthier_FRIDIE
    May 08, 2019

    I found the solution. You can find if a pool is already selected.

    [LB::server pool] will give you the name of the pool selected (or nothing) for example: /Common/example-com-pool

    So the solution in my case to avoid the default case to overwrite what my policy did.

     

    default {
    if { ! ([LB::server pool] starts_with "/Common/") } {
        log local0. "DEBUG – pool not selected"    
        HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" 
    }
}

     

    NB: For the random googler coming accros this question you can also catch if a redirect was already performed (by your policy) with this ([catch {HTTP::payload replace 0 0 {}}])

3 Replies

Sort By
  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    May 01, 2019

    When working with policies and irules, all policies / irules are executed for the same event before action is really applied...

     

    If you assign a policy and an irule to the virtual server, policy code execute first but does not prevent irule execution...

     

    If you don’t want the irule execute, create a tcl variable in policy with value 1 then check if this variable value is 1 in irule...

     

  • Gauthier_FRIDIE's avatar
    Gauthier_FRIDIE
    Icon for Nimbostratus rankNimbostratus
    May 08, 2019

    I found the solution. You can find if a pool is already selected.

    [LB::server pool] will give you the name of the pool selected (or nothing) for example: /Common/example-com-pool

    So the solution in my case to avoid the default case to overwrite what my policy did.

     

    default {
    if { ! ([LB::server pool] starts_with "/Common/") } {
        log local0. "DEBUG – pool not selected"    
        HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]" 
    }
}

     

    NB: For the random googler coming accros this question you can also catch if a redirect was already performed (by your policy) with this ([catch {HTTP::payload replace 0 0 {}}])

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    May 08, 2019

    If you are working with version 14.X, you can do the same within the policy.

    create a policy rule at the end (named default for example):

    • without any condition
    • with action http-reply redirect
      • in options, select 301 response code (new in version 14.X)
      • in Location, use tcl:https://[HTTP::host][HTTP::uri]