Lab 6: BIG-IP Policies and iRules¶

While it would be easy to write your own redirect iRule, note that F5 has one prebuilt that you can use

1. Example of simple redirect iRule:

   when HTTP_REQUEST {
         HTTP::redirect https://[HTTP::host][HTTP::uri]
   }
   

Go to Local Traffic >> iRules

1. In the search box at the top of the list of iRules, type redirect and hit Search.

   

2. Open the iRule and take a quick look. This is an F5 Verified and supported iRule.

Create your HTTP-to-HTTPS redirect virtual server.

1. Go to Local Traffic >> Virtual Servers and create a new virtual server.
   1. Name: redirect_to_secure_vs
   2. Destination: <same IP as secure_vs>
   3. Service Port: 80 (HTTP)
   4. Source Address Translation: None <you don’t need this as this traffic is going nowhere>
   5. iRule: _sys_https_redirect
   6. Hit Finished
      1. WOW! That didn’t go too far did it. You just got an error. If you are going to redirect the HTTP request, you need the HOST and URI information and that requires the HTTP protocol
2. In the Configuration section make sure the default http profile is added to the virtual server
3. HTTP Profile: http
4. Select Finished

Test your policy by going to http://<ip address of your virtual>

1. You should be redirected to the HTTPS virtual server
2. As you can see, very small iRules can make a very big difference

Create a new pool named image_pool, use the http monitor for status, and add one member 10.1.20.14:80

First you will create your policy container and set your match strategy

1. Try to do this using the instructions, but a screen shot of the policy is available in the Appendix at the end of the lab guide if you would like it.

Go to Local Traffic >> Policies >> Policy List and select Create

1. Policy_Name: access_image_pool

2. Strategy: Execute first matching rule

3. Create Policy

   

Now you can create/view policy rules by selecting Create

1. Name: get_jpegs

2. In the box under Match all of the following conditions: select the to the right of All Traffic

   1. Use the drop-down menus to look at the HTTP URI and check if it ends_with an image type

   2. Look for JPEGs by adding jpg in the box under the any of box and selecting Add

      

3. Under Do the following when the traffic is matched, build the following operation.

   1. Forward Traffic to the pool named image_pool

4. Save

   

The policy is saved in Draft form and is not available until Published. To publish the policy:

1. Select the Save Draft Policy drop-down menu and select Save and Publish Policy

   

Go to the Resources section of your www_vs virtual server and select Managed over the Policies box

1. Move access_image_pool for the Available box to the Enabled box

   

Now test your change by browsing to http://10.1.10.100

1. If your policy is working correctly, all of the images under F5 Platform List should be from NODE #4

2. Other images are PNG images and have a different extension

   

Now you will use an iRule to perform the same image retrieval. Your image_pool is already created

Go to Local Traffic >> iRules and select Create

1. Name: access_image_pool

2. In the Definition section enter the following:

   

3. This activity is not meant to be “cut and paste”. We want you to get comfortable and familiar with typing iRules inside the GUI.

   1. Try hovering the cursor over a command or event, such as, HTTP_REQUEST or HTTP:uri. You will see a definition of the item. For example:

      

Save your iRule and go to the Resources section of your secure_vs and select iRules >> Manage

1. Move your access_image_pool iRule into the Enabled box

Test your secure_vs virtual by going to https://10.1.10.105

1. The results should be the same as before

Extra Credit! Change both the policy and iRule to access the image_pool for png file types

1. You should notice one is easier to update than the other