-
Notifications
You must be signed in to change notification settings - Fork 3
/
co-pilot_irules_examples.irul
87 lines (70 loc) · 2.3 KB
/
co-pilot_irules_examples.irul
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
### co-pilot irules examples
# create an irule to redirect http to https
cat <<EOF > /config/http_to_https_redirect.irule
when HTTP_REQUEST {
HTTP::respond 301 Location "https://[getfield [HTTP::host] : 1][HTTP::uri]"
}
# create an irule to filter based on source ip, use a data group to store the ip addresses
cat <<EOF > /config/ip_filter.irule
when HTTP_REQUEST {
if { [class match [IP::client_addr] equals ip_filter] } {
HTTP::respond 403 content "Access Denied"
}
}
# create an irule to direct traffic to a pool based on the host header
cat <<EOF > /config/host_pool.irule
when HTTP_REQUEST {
# log the host header and source ip and uri
log local0. "host: [HTTP::host] ip: [IP::client_addr] uri: [HTTP::uri]"
if { [HTTP::host] equals "www.example.com" } {
pool www.example.com
}
elseif { [HTTP::host] equals "www.example2.com" } {
pool www.example2.com
}
else {
pool www.example.com
}
}
# create an irule to log all client and server side connections details
cat <<EOF > /config/connection_logging.irule
when CLIENT_ACCEPTED {
log local0. "client accepted: [IP::client_addr]:[TCP::client_port]"
}
when CLIENT_CLOSED {
log local0. "client closed: [IP::client_addr]:[TCP::client_port]"
}
when SERVER_CONNECTED {
log local0. "server connected: [IP::server_addr]:[TCP::server_port]"
}
when SERVER_CLOSED {
log local0. "server closed: [IP::server_addr]:[TCP::server_port]"
}
when HTTP_REQUEST {
log local0. "http request: [IP::client_addr]:[TCP::client_port] -> [IP::server_addr]:[TCP::server_port] [HTTP::method] [HTTP::host][HTTP::uri]"
}
when HTTP_RESPONSE {
log local0. "http response: [IP::server_addr]:[TCP::server_port] -> [IP::client_addr]:[TCP::client_port] [HTTP::status] [HTTP::reason]"
}
# create an irule to forward traffic to pool based on uri
cat <<EOF > /config/uri_pool.irule
when HTTP_REQUEST {
if { [HTTP::uri] starts_with "/example" } {
pool www.example.com
}
elseif { [HTTP::uri] starts_with "/example2" } {
pool www.example2.com
}
else {
pool www.example.com
}
}
# create an irule to respond to a tcp connection with "got it"
cat <<EOF > /config/tcp_got_it.irule
when CLIENT_ACCEPTED {
TCP::collect
}
when CLIENT_DATA {
TCP::release
TCP::respond "got it"
}