-
Getting around Data Groups
Posted by mischa IHAC that is looking to replace their current LBs with A10 and they are using Data Groups. Code: class exampleClass {"string1""string2""string3"}rule exampleRule {when HTTP_REQUEST {if {[matchclass [HTTP::uri] contains exampleClass]}{log local0. "Using uri-match pool - [HTTP::uri]"pool pool-uri-match} else…
-
Persistence aFlex based on UIE from real server
Posted by aanchev This script was written for a home grown web application that sets a UIE when a client establishes a connection to the server. If a client has no UIE, it is load balanced normally. If the client has a UIE, the script provides stickiness to the server the client received it from. when HTTP_REQUEST { set…
-
aFlex to Selectively Insert /owa for Exchange 2010
Posted by kberton A10's Deployment Guide for Exchange 2010 provides the following aflex script to insert /owa into the path of any request where it doesn't already exist. However, this seems to break the Exchange Control Panel (ECP) which is accessed under /ecp. Any advice on editing this script to accommodate requests to…
-
aFlex to Change URI Case in a certain location
Posted by TODDH We have a very simple aflex that we currently us to convert the entire uri to lower case: when HTTP_REQUEST { HTTP::uri [string tolower [HTTP::uri] ] } We need to modify that aflex so that it only executes the “tolower” to a portion of the uri. The portion of the uri that we need to convert to lower case is…
-
How to respond with a 301 permanent redirect?
Posted by TODDH Guys, Do we have any way of responding with a 301 (permanent redirect)? I need a way to inform the search engines that my customers location is permanently moved. Thanks, -Todd-
-
How to use " in my output?
Posted by tcp-me Sorry for the newbie questions, but how do I print “ in my output? For example when LB_FAILED { HTTP::respond 200 content "<html><head><title>Apology Page</title></head><body>We are sorry, but the site you are looking for is temporarily out of service<br></body></html>" But if I put in a link, it requires…
-
Switch sites to insert cookie
Posted by tcp-me I'm wondering if anyone has a good idea on how to do this. My company's site is say... abc.com My customers who use our service get customer1.abc.com. We've been inserting our cookie for abc.com to track usage and session. Now my customers want survey.customer1.com to be the domain, but they'll resolve the…
-
Server selection based on URI
Posted by ddesmidt One of our customers had a special request and I want to share it with you so you can enjoy our solution if you have similar needs They have 20 servers named S1 to S20. In the URL they give to their customers, each unique URL has to go to a specific server. Example: www.xyz.com/work/S2/etc/index.html.…
-
Adding "HttpOnly" to Cookie
Posted by mischa If you need to add "HttpOnly" to a cookie: Code: when HTTP_RESPONSE {if { [HTTP::header exists "Set-Cookie"] } {set cookie_value [HTTP::cookie "TestCookie"]HTTP::cookie remove "TestCookie"HTTP::header insert "Set-Cookie" "TestCookie=$cookie_value; HttpOnly"}} I found that this works very well.
-
Logging traffic flows in syslog
Posted by mike_larue@agilent.com We are looking for a way to log traffic flows in syslog so that we can get a clear picture of the client IP/VIP and SNAT/Server IP binding. We woudl like to see: timestamp; client IP; VIP; SNAT IP; Real Server for each flow that is created. Do you have the aFlex code available for this?…
-
prevent Src IP Persistence to sorry server
Posted by kberton Attempting to create an aFlex that will set Src IP Persistence for all servers in a service group *except* for one server which is being used as a sorry server. I am setting priorities in the service group for each service and default behavior of AX is to apply the same persistence template to all member…
-
Select group based on AX system date
Posted by kyang A customer wanted his AX to direct the traffic by AX system time. Example: direct the traffic by AX date number,if the number is even then direct the traffic to sg-even,else to sg-odd. Here is how: Code: ------------------------------------- when CLIENT_ACCEPTED { set curdate [TIME::clock seconds] set…
-
Skipping Large Content Size for HTTP Collect?
Posted by TODDH How would I add an if / else to check for HTTP content-length and only perform collect when the size is smaller than 1MB / 1.2MB? when HTTP_RESPONSE { HTTP::collect } when HTTP_RESPONSE_DATA { set clen [HTTP::payload length] regsub -all "elm" [HTTP::payload] "elm" secureurls HTTP::payload replace 0 $clen…
-
cookie persistence for PCI audit
Posted by brunov To successfully pass a PCI compliancy test, one of my clients moved from cookie persistency to aFleX persist uie persistence. The cookie persisten uses the same cookie value for each server. The below aflex creates a random 10 character string for each user. Code:…
-
Tab in log statement using aFlex
Posted by brunov When creating a log statement using aflex, is there a way to add a <tab> so that the log could be tab separated? See example: Time: 10:31:21 <tab> ip: 192.168.1.1 <tab> request: www.example.com/index.html <tab> query: ?uejdmski89e7ks sorry, this interface does not accept white space, so see <tab> as an…
-
Select group based on TCP contents
Posted by a10jliu User Scenario: Need to use one VIP (same IP) for different applications. All applications run on smart phones which has its own client; choose different service group based on the the first 2 TCP Payload bytes. Code: when CLIENT_ACCEPTED { TCP::collect 2 } when CLIENT_DATA { if { [TCP::payload 2] equals…
-
aFleX for Exchange Server
Posted by a10jliu Came from a real-world deployment: Customer using Exchanger servers and need this: 1: http redirect to https: //x/owa when user tries to connect the host with no uri 2: certain directories are open to all, since these are push-mail related and user might access from Internet 3: all other directories are…
-
Manage multiple interal servers by one public IP
Posted by a10jliu One of my customers has hundred of internal servers which need to map to one public VIP, using different port to manage. We came up with this idea to use aFlex to map different servers and ports systematically : But remember the node used in aFleX still must be defined by slb server and include in a…
-
Separating HTTP from non-HTTP content on port 80
Posted by tcp-me Can an aFlex switch HTTP content to my cache servers and non-HTTP content over the same port directly out to my firewall? My cache servers throw up a lot of error messages when non-HTTP content (such as P2P or Video) runes through it. Since it can't cache it, it would be great if the AX can switch it for…
-
Is it possible to call a subroutine to share
Posted by TODDH I have a customer that is looking to have a include function in an aFlex. Most of this can be accomplished by allowing multiple aFlexes bound to the same VIP as in 2.6, but do we have any plans to support calling common code as in the customers examples below? Thanks! -Todd- ** Aflex #1 test-aflex ** -…
-
Log all HTTP headers
Posted by tcp-me I was working with someone today that needed their AX to log all HTTP request headers for security auditing purposes. They have their company employees using the AX as the gateway to get out to the Internet. Their IT staff wanted the AX to capture all HTTP request headers including any cookies being sent…
-
Replace Host Header based on server selection
Posted by kberton I have a web app that's picky about the host HTTP header that it receives. The backend servers expect the web clients to hit the backend server hostname directly, so when servers reach it through the hostname assigned to the load balancer, the app gets confused. Is there any way via aFlex that I can a)…
-
aFlex to rewrite an IIS respose
Posted by TODDH Hi aFlex Wizards. I have a quick question. When using port translation (80 - 8080) standard port 80 on the frontend to a non-standard port on the backend. IIS responds with a redirect with the port# as part of the redirect which is past through to the client. this ends up as a dead link on the frontend. Is…
-
tcp payload lb and persistence for diameter
Posted by jmaddox i need an aflex that will select new server for new "session-id" and persist on session id. session id is in tcp payload. client to vip tcp connection will be long lived and multiple session-ids will be sent over same. attached is a sample wireshark capture from the wireshark forums. packet 21 is of…
-
Sorry page when all servers are down
Posted by ddesmidt I received an interesting request today. A customer wanted his AX to reply itself a sorry page when all the servers behind the VIP are down => users requests are not dropped but they receive a "sorry" web page. Here is the aFleX I shared with him: Code: when HTTP_REQUEST {# log "LB::status = [LB::status…
-
aflex for individual server cookie persist
Posted by jmaddox Do we have an aflex where individual load balanced servers could each have a unique cookie and persistence is achieved by observing that cookie, as opposed to inserting one at the load balancer level?
-
Using aFleX when service group is down
Posted by mischa A very quick way of reselecting a different service group when the primary fails. Code: when LB_FAILED {pool sg-http-backup}
-
Juniper DX (Redline Apprue) - AX aFleX conversion
Posted by ddesmidt HTTP and HTTPS web applications were front ended by Juniper DXs (acquisition of Redline Networks). In addition to load balancing, the Juniper DX was removing SSL to talk to the servers via http. To transparently remove SSL for their application, the Juniper DX utilized Apprules to rewrite some elements…
-
Basic HTTP Switching aFlex
Posted by kberton What follows is a basic aFlex that will switch HTTP requests based on three different criteria -- User-Agent, URI and Host -- to the desired Service Group. when HTTP_REQUEST { if { [HTTP::header "User-Agent"] contains "Auto Installer"} { pool sg_Auto_Installer } if { [HTTP::uri] starts_with "/en" } { pool…
-
aflex for post data load balancing and persistence
Posted by jmaddox Do we have a generic aflex somewhere that does the following? Look inside a POST for user=xxxxxxx, and load balance/persist based on name=value?
