Welcome!

@CloudExpo Authors: Yeshim Deniz, Liz McMillan, Pat Romanski, Zakia Bouachraoui, Carmen Gonzalez

Related Topics: @CloudExpo, Machine Learning

@CloudExpo: Blog Feed Post

20 Lines or Less: Selective SSL, Port Stripping and Headers

The Flexibility and Power of iRules

What could you do with your code in 20 Lines or Less? That's the question I ask (almost) every week for the devcentral community, and every week I go looking to find cool new examples that show just how flexible and powerful iRules can be without getting in over your head.

With the onslaught of work required to get DC5 up and running it’s been a while since I’ve offered some cool iRule goodness to the community from the community.  There have been plenty of examples cruising through the forums, that’s for sure, I just haven’t had the time to comb through all of them or write them up.  Now that I can again see the light of day, allow me to share a some good ones with you.

 

Disabling SSL to one backend pool

We’ve looked at ways to selectively disable SSL before, but this example had an interesting twist that I thought was…well…interesting.  The idea here is to selectively disable SSL only on the back end of the connection, not the entire thing.  The client should always be encrypted but the server can, in some cases, be plain-text to try and cut down on overhead.  Cool idea, and here’s a look at how to make it work, according to a good example by user Alok.

when HTTP_REQUEST {
set my_uri [string tolower [HTTP::uri]]
if { $my_uri starts_with "/secure" } {
pool ssl__pool
} else {
SSL::disable serverside
pool static_pool
}
}

 

Hash persistence based on true-client IP

Here’s a user that’s trying to work around a limitation in the content distribution service they’re using.  They want to use an iRule to perform hash based persistence based on a header supplied giving the client’s IP address.  Hoolio, as is often the case, springs into action and whips up a nifty little example making use of lindex and active_members –list that gets the job done.

# Check if the active_members command returns an entry which can be split on a space into two variables
if {[active_members app_http_pool]}{
if {[scan [lindex [active_members –list app_http_pool] [expr {[md5 $tcip_header] % [active_members app_http_pool]}]] {%s %s} ip port] == 2}{
# Select the pool member IP and port
pool app_http_pool member $ip $port

# Exit from this event in this rule
return
}
# Take some default action if the pool is down or scan didn't parse the output?
}

 

Removing port numbers from redirects

If you’re looking to strip port locations from your redirects, then boy do I have the rule for you.  Well, it’s not my rule, really, but I get to share more of Aaron’s work with you, which is a regular and enjoyable part of my jobs these days, it seems.  The one man juggernaut has knocked out a quick little header replacement rule using string map and the fun HTTP::is_redirect command to get this job done.

when HTTP_RESPONSE {
if { [HTTP::is_redirect] } {
if { [HTTP::header Location] contains "www.acme.com:10040" } {
log local0. "Original Location value: [HTTP::header Location]"
HTTP::header replace Location [string map -nocase {www.acme.com:10400 www.acme.com} [HTTP::header value Location]]
}
}
}
when HTTP_RESPONSE priority 501 {
if { [HTTP::is_redirect] } {

# Debug logging only. Remove this event once done testing
log local0. "Updated Location value: [HTTP::header Location]"
}
}

Check back next week for some more examples of awesome things you can do with iRules in only a few lines of code.

#Colin

Read the original blog entry...

More Stories By Colin Walker

Coming from a *Nix Software Engineering background, Colin is no stranger to long hours of coding, testing and deployment. His personal experiences such as on-stage performance and the like have helped to foster the evangelist in him. These days he splits his time between coding, technical writing and evangalism. He can be found on the road to just about anywhere to preach the good word about ADCs, Application Aware networking, Network Side Scripting and geekery in general to anyone that will listen.

Colin currently helps manage and maintain DevCentral (http://devcentral.f5.com). He is also a contributor in many ways, from Articles to Videos to numerous forum posts, to iRules coding and whatever else he can get his hands on that might benefit the community and allow it to continue to grow.

CloudEXPO Stories
In today's always-on world, customer expectations have changed. Competitive differentiation is delivered through rapid software innovations, the ability to respond to issues quickly and by releasing high-quality code with minimal interruptions. DevOps isn't some far off goal; it's methodologies and practices are a response to this demand. The demand to go faster. The demand for more uptime. The demand to innovate. In this keynote, we will cover the Nutanix Developer Stack. Built from the foundation of software-defined infrastructure, Nutanix has rapidly expanded into full application lifecycle management across any infrastructure or cloud .Join us as we delve into how the Nutanix Developer Stack makes it easy to build hybrid cloud applications by weaving DBaaS, micro segmentation, event driven lifecycle operations, and both financial and cloud governance together into a single unified st...
Big Switch's mission is to disrupt the status quo of networking with order of magnitude improvements in network e ciency, intelligence and agility by delivering Next-Generation Data Center Networking. We enable data center transformation and accelerate business velocity by delivering a responsive, automated, and programmable software-dened networking (SDN) fabric-based networking solution. Traditionally, the network has been viewed as the barrier to data center transformation as legacy networking architectures hinder IT organizations with brittle, complex and cumbersome switch-by-switch management paradigms and in exible, proprietary hardware choices that are increasingly unable to keep up with the pace required of businesses today.
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and systems administration expertise. Prior to joining F5, MacVittie was an award-winning technology editor at Network Computing Magazine where she evaluated and tested application-focused technologies including app security and encryption-related solutions. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University, and is an O'Reilly author.
Digital Transformation (DX) is a major focus with the introduction of DXWorldEXPO within the program. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throughout enterprises of all sizes. We are offering early bird savings on all ticket types where you can save significant amount of money by purchasing your conference tickets today.
In his keynote at 19th Cloud Expo, Sheng Liang, co-founder and CEO of Rancher Labs, discussed the technological advances and new business opportunities created by the rapid adoption of containers. With the success of Amazon Web Services (AWS) and various open source technologies used to build private clouds, cloud computing has become an essential component of IT strategy. However, users continue to face challenges in implementing clouds, as older technologies evolve and newer ones like Docker containers gain prominence. He explored these challenges and how to address them, while considering how containers will influence the direction of cloud computing.