These are ten handy F5 LTM iRules I use very often. I am keeping a copy here as my reference, and it might help others as well.
1. Log all HTTP access headers (client request & response) – this will send logs to /var/log/ltm.
++++
when HTTP_REQUEST {
    # LogString is connection-scoped, so HTTP_RESPONSE below can reuse it
    set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::uri]"
    log local0. "============================================="
    log local0. "$LogString (request)"
    # Log every request header name and value
    foreach aHeader [HTTP::header names] {
        log local0. "$aHeader: [HTTP::header value $aHeader]"
    }
    log local0. "============================================="
}
when HTTP_RESPONSE {
    log local0. "============================================="
    log local0. "$LogString (response) - status: [HTTP::status]"
    # Log every response header name and value
    foreach aHeader [HTTP::header names] {
        log local0. "$aHeader: [HTTP::header value $aHeader]"
    }
    log local0. "============================================="
}
+++++
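Rule 1 writes every header value to /var/log/ltm, including credentials and session cookies. The variant below is an added example, not part of the original rule set: it logs the same lines but masks sensitive headers and uses HTTP::path so query-string tokens stay out of the log. The header list is an assumption (x-api-key is a hypothetical name); adjust it to your applications.

```tcl
when RULE_INIT {
    # Assumption: lower-case header names whose values must never be logged.
    # x-api-key is a hypothetical example of an application-specific header.
    set static::redact_headers {authorization proxy-authorization cookie set-cookie x-api-key}
}

when HTTP_REQUEST {
    # HTTP::path excludes the query string, which often carries tokens or session IDs
    set LogString "Client [IP::client_addr]:[TCP::client_port] -> [HTTP::host][HTTP::path]"
    log local0. "$LogString (request)"
    foreach aHeader [HTTP::header names] {
        if { [lsearch -exact $static::redact_headers [string tolower $aHeader]] >= 0 } {
            # Record that the header was present and how long it was, not its value
            log local0. "$aHeader: <redacted, [string length [HTTP::header value $aHeader]] bytes>"
        } else {
            log local0. "$aHeader: [HTTP::header value $aHeader]"
        }
    }
}

when HTTP_RESPONSE {
    log local0. "$LogString (response) - status: [HTTP::status]"
    foreach aHeader [HTTP::header names] {
        if { [lsearch -exact $static::redact_headers [string tolower $aHeader]] >= 0 } {
            # Set-Cookie values are session secrets; log presence and size only
            log local0. "$aHeader: <redacted, [string length [HTTP::header value $aHeader]] bytes>"
        } else {
            log local0. "$aHeader: [HTTP::header value $aHeader]"
        }
    }
}
```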
2. Log client_ip only (the above example shows the IP as well) – this will send the client IP address to /var/log/ltm.
+++
when CLIENT_ACCEPTED {
    # Fires once per accepted TCP connection
    log "CONNECT: [IP::client_addr]"
}
+++++
3. Redirect HTTP to HTTPS
++++
when HTTP_REQUEST {
    if { [string tolower [HTTP::host]] ends_with ".myfqdn.com.au" } {
        # No space between the host name and [HTTP::uri]
        HTTP::redirect "https://www.myfqdn.com.au[HTTP::uri]"
    } else {
        # Host header is not one of ours: drop the connection
        reject
    }
}
+++++
4. Allow our DNS host names only – we don’t allow domain names which don’t belong to us. We only accept “mydomain.com.au” and subdomains within it for our virtual servers.
++++
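when HTTP_REQUEST {
    if { [string tolower [HTTP::host]] equals "mydomain.com.au" || [string tolower [HTTP::host]] ends_with ".mydomain.com.au" } {
        # Host header is ours: let the request through unchanged
    } else {
        # Any other Host header: drop the connection
        reject
    }
}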
+++++
5. If all pool members are down – redirect HTTP requests to our maintenance web site.
+++++
when HTTP_REQUEST {
    # No active members in the pool selected for this request
    if { [active_members [LB::server pool]] == 0 } {
        HTTP::redirect "https://maintenance.mydomain.com.au/"
    }
}
++++++
6. If all pool members are down, display “site is under maintenance” from the F5.
++++++
when HTTP_REQUEST {
    if { [active_members [LB::server pool]] == 0 } {
        # Serve the maintenance notice directly from the F5
        HTTP::respond 200 content "<p><h3>This site is currently under maintenance - please try again later.</h3></p>"
    }
}
+++++
7. If all pool members are down – return 200 OK with content from the F5.
++++
when HTTP_REQUEST {
    if { [active_members [LB::server pool]] == 0 } {
        # Answer with 200 OK and a static body instead of contacting the pool
        HTTP::respond 200 content "<p><h3>This site is currently under maintenance - please try again later.</h3></p>"
    }
}
+++++
8. URI rewrite – if a client tries to access “/application”, rewrite/send them to “/application/ver1.1”
++++
when HTTP_REQUEST {
    # "--" ends option parsing so the value is never read as a switch option
    switch -- [HTTP::uri] {
        "/application" {
            HTTP::uri "/application/ver1.1"
        }
    }
}
+++++++++
9. Rewrite URI based on HTTP header – a URI rewrite is transparent to the client, whereas HTTP::redirect to a new address is not: it returns an HTTP 3xx code to the client.
+++++
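when HTTP_REQUEST {
    # "--" ends option parsing: a client-supplied header value starting with "-"
    # would otherwise be read as a switch option and raise a Tcl error
    switch -- [HTTP::header X-APP-Version] {
        "app1.0" {
            HTTP::uri "/app/default1.0"
        }
        "app2.0" {
            HTTP::uri "/app/default2.0"
        }
    }
}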
++++++
10. HTTP redirect based on HTTP header – an HTTP 307 redirect preserves what is present in the initial POST request, whereas other 30x codes such as 301/302 do not preserve any data from the initial POST.
+++++++
when HTTP_REQUEST {
    # The opening brace of each body must sit on the same line as if/else
    if { [HTTP::header X-APP-NAME] contains "myapp1" } {
        HTTP::respond 307 "Location" "https://myapp.abc.com/api/myapp1.0"
    } else {
        HTTP::respond 307 "Location" "https://myapp.abc.com/api/myapp2.0"
    }
}
+++++++++