Thursday, May 24, 2018

Simple iRule Code to Route Traffic to a Specific Node and Block IPs

Symptom:

  We have 2 or more mid-tiers running behind an F5 BIG-IP. We need to log in to a specific node via the BIG-IP instead of letting the BIG-IP choose one itself. This is useful for debugging issues on specific nodes.


Solution:

 Use a URL like
https://testapp.test.com/myapps?mynode=112.68.136.22
The code below grabs the IP address from the mynode parameter and uses it to select that specific node in the BIG-IP pool.

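when HTTP_REQUEST {
    # Take the text after "mynode=" (7 characters), up to ";" or the end of the URI
    set nodeselect [findstr [string tolower [HTTP::uri]] "mynode=" 7 ";"]
    if { $nodeselect ne "" } {
        # Remove the existing persistence record so the session is not sent back to its old node
        if { [HTTP::cookie exists "JSESSIONID"] } {
            persist delete uie [string tolower [HTTP::cookie "JSESSIONID"]]
        } else {
            # No cookie: look for a jsessionid carried in the URI instead
            set jsess [findstr [string tolower [HTTP::uri]] "jsessionid" 11 ";"]
            if { $jsess ne "" } {
                persist delete uie $jsess
            }
        }
        # Send this request to the requested member on port 7777
        pool "testapp.test.com_pool" member $nodeselect 7777
    }
}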
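
The rule above takes the target address straight from the request, so any client that knows the parameter can choose the backend. A hardened variant, as an added example that is not part of the original post: it assumes two hypothetical address-type data groups, testapp_debug_clients (source networks allowed to pin a node) and testapp_debug_nodes (the pool member IPs), and keeps only the cookie case of the persistence cleanup.

```tcl
# Added example, not the original post's code.
# Hypothetical address-type data groups (create them before attaching the rule):
#   testapp_debug_clients - source networks allowed to pin a node
#   testapp_debug_nodes   - IPs of the members of testapp.test.com_pool
when HTTP_REQUEST {
    # Read the parameter from the query string only, not from anywhere in the URI.
    set nodeselect [URI::query [HTTP::uri] "mynode"]
    if { $nodeselect eq "" } {
        return
    }

    # Only designated debug clients may override load balancing.
    if { ![class match [IP::client_addr] equals testapp_debug_clients] } {
        log local0.warn "mynode ignored: client [IP::client_addr] not allowed"
        return
    }

    # The value is client-supplied: accept it only if it is a listed pool member.
    # catch covers values that are not valid IP addresses.
    if { [catch { class match $nodeselect equals testapp_debug_nodes } ok] || !$ok } {
        log local0.warn "mynode rejected from [IP::client_addr]"
        return
    }

    # Same persistence cleanup as the original rule (cookie case).
    if { [HTTP::cookie exists "JSESSIONID"] } {
        persist delete uie [string tolower [HTTP::cookie "JSESSIONID"]]
    }

    # Log only the validated value, then pin the request to that member.
    log local0.info "client [IP::client_addr] pinned to $nodeselect"
    pool "testapp.test.com_pool" member $nodeselect 7777
}
```

Requests that fail either check fall through to normal load balancing, and the log lines give a record of who tried to pin a node.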


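Add the IP addresses to be blocked to the testapp_addresses_to_block data group, then use the iRule code below:

when CLIENT_ACCEPTED {
    # Drop the connection if the client address is listed in the data group
    if { [class match [IP::remote_addr] equals testapp_addresses_to_block] } {
        discard
        # Stop any further iRule events from firing on this connection
        event disable all
    }
}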
