# Goal: allow people to reach server123.bar.foo.com/.../* if they come from an approved subnet. Additionally, we'll redirect server123.bar.foo.com to server123.alt.foo.com, or give them a 302 if they ask for a destination that is not defined.
Output we are getting:
src_ip=[IP::client_addr] src_port=[TCP::client_port] -> lb_ingress_ip=[IP::local_addr] lb_ingress_port=[TCP::local_port]
Expect output:
should be src_ip=10.10.10.10 src_port=1025 -> lb_ingress_ip=192.168.1.1 lb_ingress_port=443
It does not appear to be grabbing/passing the variables.
Any help would be greatly appreciated. Thank you in advance.
###########
# STAGE 0 #
###########
when RULE_INIT {
    # static:: variables set in this event are global across the F5 and live
    # in one namespace shared with every other iRule: a RULE_INIT in another
    # iRule that sets the same name overwrites the value stored here.

    # Name reported in the irule= field of every log line.
    set static::irule_name "MyApp_Custom_irule"

    # Debug switch: "1" enables the debugging log statements.
    # Reported symptom (author's observation): with this enabled the logs show
    # the literal text [IP::local_addr] instead of the actual value.
    set static::debug 1
}
###########
# Stage 1 #
###########
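when CLIENT_ACCEPTED {
    # Admits a client only if its source address is in the zone1_MyApp_Networks
    # data group; every other client is logged and dropped (fail closed).
    #
    # Per-connection state is kept in plain variables, which persist across the
    # events of one connection. The static:: namespace is shared by all
    # connections, so writing per-flow values there lets concurrent flows
    # overwrite each other's src_zone, VIP and host, and the access log then
    # attributes a request to the wrong client. Only the RULE_INIT constants
    # (static::debug, static::irule_name) are read from static:: here.
    #
    # Note that IP::local_addr and TCP::local_port change values depending on
    # if CLIENT_ACCEPTED or SERVER_CONNECTED, so the client-side values are
    # captured now.
    # See clouddocs.f5.com/.../IP.html for more details
    set ltm_vip [IP::local_addr]
    set ltm_port [TCP::local_port]
    # Defaults so later events never read an unset variable.
    set src_zone "UNK"
    set new_host "-"

    if { $static::debug != 0 } {
        log "Initial client accepted | **FLOW0** src_zone=UNK src_ip=[IP::client_addr] src_port=[TCP::client_port] -> lb_ingress_ip=[IP::local_addr] lb_ingress_port=[TCP::local_port] | **FLOW1** lb_egress_ip=- lb_egress_port=- -> dest_ip=- dest_port=- | irule=$static::irule_name action=evaluate | load_balancer_type=f5 stage=CLIENT_ACCEPTED "
    }

    if { [class match [IP::client_addr] equals zone1_MyApp_Networks] } {
        set src_zone "zone1"
        # Was $irule_name, which is never set: the read raises a Tcl error
        # instead of writing the allow record.
        log "Initial client accepted | **FLOW0** src_zone=$src_zone src_ip=[IP::client_addr] src_port=[TCP::client_port] -> lb_ingress_ip=[IP::local_addr] lb_ingress_port=[TCP::local_port] | **FLOW1** lb_egress_ip=- lb_egress_port=- -> dest_ip=- dest_port=- | irule=$static::irule_name action=allow | load_balancer_type=f5 stage=CLIENT_ACCEPTED "
    } else {
        # Same $irule_name fix: the undefined read used to abort the event
        # before the drop record was written and before `drop` was reached.
        log "Did not match any datagroups for client; dropping the flow. | **FLOW0** src_zone=UNK src_ip=[IP::client_addr] src_port=[TCP::client_port] -> lb_ingress_ip=[IP::local_addr] lb_ingress_port=[TCP::local_port] | **FLOW1** lb_egress_ip=- lb_egress_port=- -> dest_ip=- dest_port=- | irule=$static::irule_name action=drop | load_balancer_type=f5 stage=CLIENT_ACCEPTED | ErrorCode=F5-001 "
        drop
    }
}
###########
# Stage 2 #
###########
when SERVER_CONNECTED {
    # Records the backend chosen for this connection. In this event
    # IP::local_addr / TCP::local_port are the load balancer's egress side, so
    # the ingress values come from the variables saved in CLIENT_ACCEPTED.
    set dest_ip [IP::server_addr]
    set dest_port [TCP::server_port]
    log "Successfully established connection to backend server. | **FLOW0** src_zone=$src_zone src_ip=[IP::client_addr] src_port=[TCP::client_port] -> lb_ingress_ip=$ltm_vip lb_ingress_port=$ltm_port | **FLOW1** lb_egress_ip=[IP::local_addr] lb_egress_port=[TCP::local_port] -> dest_ip=$dest_ip dest_port=$dest_port | irule=$static::irule_name action=allow | load_balancer_type=f5 stage=SERVER_CONNECTED "
}
###########
# Stage 3 #
###########
when HTTP_REQUEST {
    # Routes /api/ requests for server123.bar.foo.com to the pool with a
    # rewritten Host header; everything else gets a 302 to an error page.
    #
    # Request attributes are captured once, before the Host header is
    # rewritten, so the log fields and the HTTP_RESPONSE record describe the
    # request the client actually sent.
    set http_method [HTTP::method]
    set http_uri [HTTP::uri]
    set http_host [HTTP::host]
    set http_ua [HTTP::header User-Agent]
    # NOTE(review): http_uri and http_ua are client-controlled and are written
    # verbatim into a pipe-delimited key=value record; a value containing "|"
    # or "key=" text can confuse a downstream parser. Consider encoding these
    # two fields before the records feed detection or audit tooling.
    # NOTE(review): HTTP_REQUEST is a client-side event, so [IP::local_addr]
    # in the lb_egress_* fields below presumably reports the VIP, not the
    # egress address — confirm.

    switch -glob [string tolower $http_host] {
        "server123.bar.foo.com" {
            # The prefix test runs on the raw URI. Dot-segments or encoded
            # characters after "/api/" still pass it, so the backend must
            # normalise and authorise the path itself.
            if { $http_uri starts_with "/api/" } {
                set new_host "server123.alt.foo.com"
                HTTP::header replace Host $new_host
                # orig_host uses the value saved before the rewrite.
                log local0. "FrontEnd=MyApp | **FLOW0** src_zone=$src_zone src_ip=[IP::client_addr] src_port=[TCP::client_port] -> lb_ingress_ip=$ltm_vip lb_ingress_port=$ltm_port | **FLOW1** lb_egress_ip=[IP::local_addr] lb_egress_port=[TCP::local_port] -> dest_host=$new_host dest_port=443 | irule=$static::irule_name action=allow | load_balancer_type=f5 stage=HTTP_REQUEST | orig_host=$http_host dest_host=$new_host request_method=$http_method URI=$http_uri status_code_from_server=- user_agent=$http_ua "
                pool MyApp_server123_443
            } else {
                # The Location value was mangled by the page's markup (the
                # scheme is missing); https is assumed — confirm.
                HTTP::respond 302 Location "https://www.bar.foo.com/error_bad_url.html"
                # Was irule=static::irule_name (missing "$"), which logged the
                # literal variable name.
                log local0. "FrontEnd=MyApp | **FLOW0** src_zone=$src_zone src_ip=[IP::client_addr] src_port=[TCP::client_port] -> lb_ingress_ip=$ltm_vip lb_ingress_port=$ltm_port | **FLOW1** lb_egress_ip=[IP::local_addr] lb_egress_port=[TCP::local_port] -> dest_ip=- dest_port=- | irule=$static::irule_name action=deny | load_balancer_type=f5 stage=HTTP_REQUEST | dest_host=- request_method=$http_method URI=$http_uri status_code_from_server=- user_agent=$http_ua | ErrorCode=F5-405 "
            }
        }
        default {
            # Any other Host value is refused. Same assumption about the
            # scheme of the Location value as above — confirm.
            HTTP::respond 302 Location "https://www.bar.foo.com/error.html"
            log local0. "FrontEnd=MyApp | **FLOW0** src_zone=$src_zone src_ip=[IP::client_addr] src_port=[TCP::client_port] -> lb_ingress_ip=$ltm_vip lb_ingress_port=$ltm_port | **FLOW1** lb_egress_ip=[IP::local_addr] lb_egress_port=[TCP::local_port] -> dest_ip=- dest_port=- | irule=$static::irule_name action=deny | load_balancer_type=f5 stage=HTTP_REQUEST | orig_host=$http_host dest_host=- request_method=$http_method URI=$http_uri status_code_from_server=- user_agent=$http_ua | ErrorCode=F5-404 "
        }
    }
}
###########
# Stage 4 #
###########
when HTTP_RESPONSE {
    # Logs the backend's status code next to the request attributes saved in
    # HTTP_REQUEST. user_agent comes from the saved request value: in this
    # event HTTP::header reads the response headers, not the request's.
    log local0. "FrontEnd=MyApp | **FLOW0** src_zone=$src_zone src_ip=[IP::client_addr] src_port=[TCP::client_port] -> lb_ingress_ip=$ltm_vip lb_ingress_port=$ltm_port | **FLOW1** lb_egress_ip=[IP::local_addr] lb_egress_port=[TCP::local_port] -> dest_host=$new_host dest_port=443 | irule=$static::irule_name action=allow | load_balancer_type=f5 stage=HTTP_RESPONSE | orig_host=$http_host dest_host=$new_host request_method=$http_method URI=$http_uri status_code_from_server=[HTTP::status] user_agent=$http_ua "
}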