Forum Discussion

HG's avatar
HG
Icon for Cirrus rankCirrus
Mar 05, 2018

Cookie persistence + i-rule "switch" command question.

Hi all.I am facing a problem with a strange behavior. I've got 1 virtual server where cookie persistence (cookie insert) is used as primary method and source IP address as a fallback. On this VS an irule is used in order to allow access to specific paths.

when HTTP_REQUEST
{
    set lowCaseURI [string tolower [HTTP::uri]]
    if {[HTTP::host] equals "mysite"}
    {
        switch -glob $lowCaseURI
        {
            "/api/test1/*" -
            "/api/test2/*"
            {
            log local0. "permit"
            pool test
            }
            "/home/myhome.asmx*"
            {
            log local0. "permit2"
            pool home
            }
        }   
    }
    else
    {
    drop
    log local0. "drop"
    }     
}

The issue is that when someone access for example the /api/test1 url then user is able to access as well other urls ander api such as /api/test12345/ok. What we observed is that in case someone goes directly to /api/test12345/ok then irule works and the request is not allowed. In my mind something is related to the persistence but even if we delete the cookie, source address is the fallback. Does anyone know why is this happening ? Is the event default drop missing from the switch command ?

Thanks

application delivery
BIG-IP
iRules

1 Reply

Sort By
  • Leonardo_Souza's avatar
    Leonardo_Souza
    Icon for Cirrocumulus rankCirrocumulus
    Mar 05, 2018

    "/api/test1/*" does not match /api/test12345/ok.

     

    You must have an HTTP profile to use that iRule, so every HTTP request will trigger the iRule. If you use the pool commands as you are doing, that overwrites the persistence.