Welcome!

@CloudExpo Authors: Zakia Bouachraoui, Elizabeth White, Liz McMillan, Pat Romanski, Roger Strukhoff

Related Topics: @CloudExpo, Machine Learning

@CloudExpo: Blog Feed Post

20 Lines or Less: Selective SSL, Port Stripping and Headers

The Flexibility and Power of iRules

What could you do with your code in 20 Lines or Less? That's the question I ask (almost) every week for the devcentral community, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

With the onslaught of work required to get DC5 up and running it’s been a while since I’ve offered some cool iRule goodness to the community from the community.  There have been plenty of examples cruising through the forums, that’s for sure, I just haven’t had the time to comb through all of them or write them up.  Now that I can again see the light of day, allow me to share a some good ones with you.

 

Disabling SSL to one backend pool

We’ve looked at ways to selectively disable SSL before, but this example had an interesting twist that I thought was…well…interesting.  The idea here is to selectively disable SSL only on the back end of the connection, not the entire thing.  The client should always be encrypted but the server can, in some cases, be plain-text to try and cut down on overhead.  Cool idea, and here’s a look at how to make it work, according to a good example by user Alok.

when HTTP_REQUEST {
set my_uri [string tolower [HTTP::uri]]
if { $my_uri starts_with "/secure" } {
pool ssl__pool
} else {
SSL::disable serverside
pool static_pool
}
}

 

Hash persistence based on true-client IP

Here’s a user that’s trying to work around a limitation in the content distribution service they’re using.  They want to use an iRule to perform hash based persistence based on a header supplied giving the client’s IP address.  Hoolio, as is often the case, springs into action and whips up a nifty little example making use of lindex and active_members –list that gets the job done.

# Check if the active_members command returns an entry which can be split on a space into two variables
if {[active_members app_http_pool]}{
if {[scan [lindex [active_members –list app_http_pool] [expr {[md5 $tcip_header] % [active_members app_http_pool]}]] {%s %s} ip port] == 2}{
# Select the pool member IP and port
pool app_http_pool member $ip $port

# Exit from this event in this rule
return
}
# Take some default action if the pool is down or scan didn't parse the output?
}

 

Removing port numbers from redirects

If you’re looking to strip port locations from your redirects, then boy do I have the rule for you.  Well, it’s not my rule, really, but I get to share more of Aaron’s work with you, which is a regular and enjoyable part of my jobs these days, it seems.  The one man juggernaut has knocked out a quick little header replacement rule using string map and the fun HTTP::is_redirect command to get this job done.

when HTTP_RESPONSE {
if { [HTTP::is_redirect] } {
if { [HTTP::header Location] contains "www.acme.com:10040" } {
log local0. "Original Location value: [HTTP::header Location]"
HTTP::header replace Location [string map -nocase {www.acme.com:10400 www.acme.com} [HTTP::header value Location]]
}
}
}
when HTTP_RESPONSE priority 501 {
if { [HTTP::is_redirect] } {

# Debug logging only. Remove this event once done testing
log local0. "Updated Location value: [HTTP::header Location]"
}
}

Check back next week for some more examples of awesome things you can do with iRules in only a few lines of code.

#Colin

Read the original blog entry...

More Stories By Colin Walker

Coming from a *Nix Software Engineering background, Colin is no stranger to long hours of coding, testing and deployment. His personal experiences such as on-stage performance and the like have helped to foster the evangelist in him. These days he splits his time between coding, technical writing and evangalism. He can be found on the road to just about anywhere to preach the good word about ADCs, Application Aware networking, Network Side Scripting and geekery in general to anyone that will listen.

Colin currently helps manage and maintain DevCentral (http://devcentral.f5.com). He is also a contributor in many ways, from Articles to Videos to numerous forum posts, to iRules coding and whatever else he can get his hands on that might benefit the community and allow it to continue to grow.

CloudEXPO Stories
The precious oil is extracted from the seeds of prickly pear cactus plant. After taking out the seeds from the fruits, they are adequately dried and then cold pressed to obtain the oil. Indeed, the prickly seed oil is quite expensive. Well, that is understandable when you consider the fact that the seeds are really tiny and each seed contain only about 5% of oil in it at most, plus the seeds are usually handpicked from the fruits. This means it will take tons of these seeds to produce just one bottle of the oil for commercial purpose. But from its medical properties to its culinary importance, skin lightening, moisturizing, and protection abilities, down to its extraordinary hair care properties, prickly seed oil has got lots of excellent rewards for anyone who pays the price.
The platform combines the strengths of Singtel's extensive, intelligent network capabilities with Microsoft's cloud expertise to create a unique solution that sets new standards for IoT applications," said Mr Diomedes Kastanis, Head of IoT at Singtel. "Our solution provides speed, transparency and flexibility, paving the way for a more pervasive use of IoT to accelerate enterprises' digitalisation efforts. AI-powered intelligent connectivity over Microsoft Azure will be the fastest connected path for IoT innovators to scale globally, and the smartest path to cross-device synergy in an instrumented, connected world.
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
ScaleMP is presenting at CloudEXPO 2019, held June 24-26 in Santa Clara, and we’d love to see you there. At the conference, we’ll demonstrate how ScaleMP is solving one of the most vexing challenges for cloud — memory cost and limit of scale — and how our innovative vSMP MemoryONE solution provides affordable larger server memory for the private and public cloud. Please visit us at Booth No. 519 to connect with our experts and learn more about vSMP MemoryONE and how it is already serving some of the world’s largest data centers. Click here to schedule a meeting with our experts and executives.
Darktrace is the world's leading AI company for cyber security. Created by mathematicians from the University of Cambridge, Darktrace's Enterprise Immune System is the first non-consumer application of machine learning to work at scale, across all network types, from physical, virtualized, and cloud, through to IoT and industrial control systems. Installed as a self-configuring cyber defense platform, Darktrace continuously learns what is ‘normal' for all devices and users, updating its understanding as the environment changes.