




Slide 1: iRule "Training"

Slide 2: The simplest example - the copycat approach

    when CLIENT_ACCEPTED {
        set portodd [expr {[TCP::remote_port] & 1}]
        if { $portodd } {
            log local0. "port [TCP::remote_port] is odd"
        } else {
            log local0. "port [TCP::remote_port] is even"
        }
    }

Slide 3: Things to know

    Understanding the syntax
    Layer 7 usage
    Major "application cannot be reached" problems
    Q&A

Slide 4: Variables

    set C 123
    set C "abc123"

Data types: Boolean, integer, floating point, string.

    set a [expr 43]
    log local0. "a:$a"

Arrays.

Slide 5: Operation types

Arithmetic operations:

    set a 3
    set a [expr {$a * 5 + 7}]
    set a 7
    set a [expr {$a % 2}]

Comparison operations:

    set a [expr 43]
    expr 1 == 2
    log local0. "a:$a"

Slide 6: Conditional statements

    if { condition } {
        action
    } elseif { condition } {
        action
    } else {
        action
    }

In everyday terms:

    if { the company sends me on a business trip } {
        buy a train ticket
    } elseif { a customer asks for a proposal } {
        I write the proposal
    } else {
        go home
    }

Slide 7: Conditional statements - switch is more efficient

    switch -glob [string tolower [HTTP::header User-Agent]] {
        "*scooter*" -
        "*slurp*" -
        "*msnbot*" -
        "*fast-*" -
        "*teoma*" -
        "*googlebot*" { pool slow_webbot_pool }
        default { pool default_pool }
    }

Slide 8: What is even more efficient? Build a data group

    class bots {
        "scooter"
        "slurp"
        "msnbot"
        "fast-"
        "teoma"
        "googlebot"
    }

    when HTTP_REQUEST {
        if { [class match [string tolower [HTTP::header User-Agent]] contains $::bots] } {
            pool slow_webbot_pool
        }
    }

Slide 9: Data groups do not support wildcards

    when HTTP_REQUEST {
        log local0. "header :[string tolower [HTTP::header Host]]"
        if { [class match [string tolower [HTTP::header Host]] equals class_domain] } {
            log local0. "is very good"
        }
    }

Slide 10: How to check efficiency

    tmsh reset-stats ltm rule rule_port
    tmsh show ltm rule rule_port raw

Slide 11: Loops

While loop:

    set a 1
    while { $a < 4 } {
        log local0. "a is :$a"
        incr a
    }

break:

    set a 1
    while { $a < 5 } {
        break
    }

For loop (initial condition, comparison, loop condition):

    for {set a 1} {$a

The extracted text breaks off here and resumes inside a later slide:

    # 100ms set HTTP compression to level 5
    # RTT returns latency as 1/32 of a millisecond,
    # so 1600=50ms, 3200=100ms, etc
    when HTTP_REQUEST {
        set rtt [TCP::rtt]
    }
    when HTTP_RESPONSE {
        if { $rtt > 3200 } {
            COMPRESS::enable
            COMPRESS::gzip level 5
        } elseif { $rtt > 1600 } {
            COMPRESS::enable
            COMPRESS::gzip level 1
        }
    }

Slide 28: Custom HTML response page

    when HTTP_REQUEST {
        HTTP::respond 200 content "F5 Networks iRles 我的第一个rules 让我们一起进入rules的奇妙世界!"
    }

Slide 29: Load balancing (one VS mapped to multiple pools)

    when HTTP_REQUEST {
        set my_uri [HTTP::uri]
        if { $my_uri starts_with "/TBZAppWeb" } {
            pool pool_TBZAppWeb
        } elseif { $my_uri starts_with "/QueryVisa" } {
            pool pool_QueryVisa
        } elseif { $my_uri starts_with "/Card" } {
            pool pool_Card
        } elseif { $my_uri starts_with "/fbs" } {
            pool pool_fbs
        } elseif { $my_uri starts_with "/BZRJ_WS" } {
            pool pool_BZRJ_WS
        }
    }

A class can be used instead: matchclass [HTTP::uri] starts_with $::mc

Slide 30: Load balancing

    when HTTP_REQUEST {
        # http_uri on the original slide is probably [HTTP::uri]
        set f5 [findstr [HTTP::uri] "user=" 5 "&"]
        if { $f5 != "" } {
            pool abc_servers
        } else {
            pool web_servers
        }
    }

This looks for "user=" in the URI. Once it is found ("user=" occupies positions 0-4, so capture starts at position 5), the characters from just after "user=" up to the next "&" are captured.

Slide 31: Log all HTTP headers

    when HTTP_REQUEST {
        foreach ppp [HTTP::header names] {
            log local0. "$ppp: [HTTP::header value $ppp]"
        }
    }
    when HTTP_RESPONSE {
        HTTP::header insert PIALALA "F5 Networks"
        foreach aHeader [HTTP::header names] {
            log local0. "$aHeader: [HTTP::header value $aHeader]"
        }
    }

Note that this also writes Cookie and Authorization header values to /var/log/ltm.

Slide 32: Lab: log all headers

What do these headers mean? Please prepare in advance.

Slide 33: iRules based on HTTP headers

(1) Header-based: different handling for different content.

    when HTTP_REQUEST {
        if { [HTTP::header exists ZONECODE] } {
            switch [HTTP::header ZONECODE] {
                A { pool pool_public_web_A }
                B { pool pool_public_web_B }
                C { pool pool_public_web_C }
                D { pool pool_public_web_D }
                E { pool pool_public_web_E }
                F { pool pool_public_web_F }
            }
        } else {
            pool pool_public_web_ALL
        }
    }

(2) Remove headers.

    # Remove the named headers, separated by spaces; this removes many headers
    when HTTP_RESPONSE {
        HTTP::header remove ETag Server Date X-Powered-By Last-Modified
    }

    # Remove the specified header in the class
    when HTTP_RESPONSE {
        HTTP::header remove haha
    }

Slide 34: iRules based on HTTP headers

(3) When a header named Server is found, replace its content with 123.

    when HTTP_RESPONSE {
        if { [HTTP::header exists Server] } {
            HTTP::header replace Server "123"
        }
    }

(4) Insert a header named haha whose content is the IP address of the server member. Then find the header named Server, delete its content and replace it with the IP address of the server member.

    when HTTP_RESPONSE {
        if { [HTTP::header exists Server] } {
            HTTP::header insert haha [IP::server_addr]
            HTTP::header replace Server [IP::server_addr]
        }
    }

Slide 35: My IP: :9

substr:

    set f5 [substr [getfield [IP::client_addr] "." 4] 0]

substr captures characters (findstr finds characters). This takes the field after the last delimiter, from its first character through to the end.

    set f5 [substr [getfield [IP::client_addr] "." 4] 0 1]

Starting at the beginning and taking 1 character, the return value is 2. With

    set f5 [substr [getfield [IP::client_addr] "." 4] 0 2]

2 characters are taken from the beginning and the value is 29.

string index:

    set f5 [string index [getfield [IP::client_addr] "." 4] end-1]

The value is 2.

    % string index 29 0
    2
    % string index 29 1
    9
    % string index "2 9" 1
    (the space in the middle)

string range:

    set f5 [string range abc771899 0 5]

This captures the first through the sixth character of the string: "abc771".

Slide 36: Lab: findstr and substr (same substr notes as slide 35)

Slide 37: iRules based on HTTP headers

    when HTTP_REQUEST {
        set f5 [string index [getfield [IP::client_addr] "." 4] end]
        if { [matchclass $f5 equals $::jishu] } {
            log local0.warning "99999999"
        } elseif { $f5 5 } {
            # the comparison operator between $f5 and 5 is missing in the source
            log local0.warning "11111111111"
        }
    }

    when HTTP_REQUEST {
        if { [HTTP::header exists Host] } {
            log local0. "Location:444444444"
            set myLocation [substr [getfield [IP::client_addr] "." 4] 0 1]
        }
    }
    when HTTP_RESPONSE {
        if { [HTTP::header exists Server] } {
            HTTP::header replace Server $myLocation
            log local0. "Location:6666666"
        }
    }

Slide 38: Redirect

1. Direct redirect

    when HTTP_REQUEST {
        HTTP::redirect "http://"
    }

or

    when HTTP_REQUEST {
        if { [HTTP::uri] contains "secure" } {
            HTTP::redirect "https://[HTTP::host][HTTP::uri]"
        }
    }

2. Conditional on the status code

    when HTTP_RESPONSE {
        if { [HTTP::status] ends_with "404" } {
            HTTP::redirect "http://l"
        } else {
            pool web_Pool
        }
    }
    # This can also be written as if { [HTTP::status] == 404 } or [HTTP::status] contains 404

Slide 39: Lab: redirect (same status-code rule as slide 38, part 2)

Slide 40: Redirect

    when HTTP_REQUEST {
        if { [class match [HTTP::host] equals host_list] and [class match [HTTP::uri] equals path_list] } {
            HTTP::redirect "0/MWWebSite/"
        } else {
            HTTP::redirect "[HTTP::host][HTTP::uri]"
        }
    }

Redirect by destination port

Without a class:

    when HTTP_REQUEST {
        set port [TCP::local_port]
        if { $port == 8001 } {
            HTTP::redirect "http://[getfield [HTTP::host] ":" 1][HTTP::uri]"
        }
    }

With a class:

    when HTTP_REQUEST {
        set port [TCP::local_port]
        if { [matchclass $port equals $::mc] } {
            HTTP::redirect "http://[getfield [HTTP::host] ":" 1][HTTP::uri]"
        }
    }

Slide 41: Session persistence

    when HTTP_REQUEST {
        if { [HTTP::header exists mc_add] } {
            persist uie [HTTP::header mc_add] 1800
        }
    }

    when HTTP_REQUEST {
        set resp_insert_ip [HTTP::header mc_add]
        if { $resp_insert_ip != "" } {
            persist uie $resp_insert_ip
        }
        set resp_cookie [HTTP::header cookie]
        if { $resp_cookie != "" } {
            persist uie $resp_cookie
        }
    }

Slide 42: Session persistence

    when HTTP_REQUEST {
        if { [HTTP::header x-up-calling-line-id] != "" } {
            persist uie [HTTP::header x-up-calling-line-id]
        } else {
            persist source_addr
        }
    }
    # if { [HTTP::header x-up-calling-line-id] != "" } has the same effect as if { [HTTP::header exists mc_add] }.

Slide 43: Session persistence

Persist on the SESSIONID value in the cookie of the returned response:

    when CLIENT_ACCEPTED {
        set add_persist 1
    }
    when HTTP_RESPONSE {
        if { [HTTP::cookie exists SESSIONID] and $add_persist } {
            log local0. "response set cookie [HTTP::cookie SESSIONID]"
            persist add uie [HTTP::cookie SESSIONID]
            set add_persist 0
        }
    }
    when HTTP_REQUEST {
        if { [HTTP::cookie exists SESSIONID] } {
            persist uie [HTTP::cookie SESSIONID]
        } else {
            set jsess [findstr [HTTP::uri] "SESSIONID" 10 8]
            if { $jsess != "" } {
                log local0. "request include $jsess"
                persist uie $jsess
            }
        }
    }

Persist on a character pattern in a header:

    when HTTP_REQUEST {
        set jsess [findstr [HTTP::header User-Agent] "M" 0 5]
        if { $jsess != "" } {
            log local0. "request include $jsess"
            persist uie $jsess
        }
    }

Slide 44: Lab: persist on the SESSIONID value in the cookie of the returned response (same rule as slide 43)

Slide 46: Troubleshooting with logs (/log/ltm)

    when HTTP_REQUEST {
        log local0.warning "log start."
        if { [HTTP::header exists cookie] } {
            log local0.warning "if statement is correct:[HTTP::header cookie]"
            persist uie [HTTP::header cookie]
            log local0.warning "after persist statement"
        } else {
            log local0.warning "else is ok"
        }
    }

Enter the command:

    tail -f /var/log/ltm

    May 20 22:01:31 local/tmm warning tmm2499: Rule haha : log start.
    May 20 22:01:31 local/tmm warning tmm2499: Rule haha : if statement is correct:SESSIONID=00002372
    May 20 22:01:31 local/tmm warning tmm2499: Rule haha : after persist statement
    May 20 22:01:31 local/tmm1 warning tmm12500: Rule haha : log start.
    May 20 22:01:31 local/tmm1 warning tmm12500: Rule haha : if statement is correct:SESSIONID=00002372
    May 20 22:01:31 local/tmm1 warning tmm12500: Rule haha : after persist statement

Slide 47: Check the whole flow of a request to the VS

    when SERVER_CONNECTED {
        set info "client [IP::client_addr]:[TCP::client_port] - [clientside {IP::local_addr}]:[clientside {TCP::local_port}]"
        append info " server [IP::local_addr]:[TCP::local_port] - [IP::server_addr]:[TCP::server_port]"
        log local0. $info
    }

Slide 48: Latency at request time

    when HTTP_REQUEST {
        set info "client [IP::client_addr]:[TCP::client_port] - [clientside {IP::local_addr}]:[clientside {TCP::local_port}]"
        catch { append info " server [serverside {IP::local_addr}]:[serverside {TCP::local_port}] - [IP::server_addr]:[TCP::server_port]" }
        append info " ethernet [string range [LINK::lasthop] 0 16] - [string range [LINK::nexthop] 0 16] tag [LINK::vlan_id] qos [LINK::qos]"
        append info " - [HTTP::method] [HTTP::uri] [HTTP::version]"
        append info " *TCP MSS [TCP::mss], BW [TCP::bandwidth], RTT [TCP::rtt], OFFSET [TCP::offset]"
        append info " *IP TOS [IP::tos], HOPS [IP::hops], TTL [IP::ttl], PKTS_IN [IP::stats pkts in], PKTS_OUT [IP::stats pkts out], BYTES_IN [IP::stats bytes in], BYTES_OUT [IP::stats bytes out]"
        append info " *HTTP HOST [HTTP::host], KEEPALIVE [HTTP::is_keepalive], REQ_NUM [HTTP::request_num]"
        append info " *HTTP PATH [HTTP::path], QUERY [HTTP::query]"
        log local0. $info
    }

What does catch mean? What does append info mean?

    # RTT returns latency as 1/32 of a millisecond, so 1600=50ms, 3200=100ms, etc

Slide 49: tail /var/log/ltm

    Feb 9 16:05:06 tmm tmm1854: Rule ff : client 22:15538 - :80 ethernet 00:26:9e:79:2c:77 - ff:ff:ff:ff:ff:ff tag 4092 qos 0 - GET / 1.1 *TCP MSS 1460, BW 0, RTT 64, OFFSET 0 *IP TOS 0, HOPS 0, TTL 64, PKTS_IN 3, PKTS_OUT 1, BYTES_IN 582, BYTES_OUT 78 *HTTP HOST , KEEPALIVE 1, REQ_NUM 1 *HTTP PATH /, QUERY

Slide 50: Latency at response time

The extracted slide repeats the rule from slide 48 unchanged, including the RTT comment.

Slide 51: tail /var/log/ltm

    Feb 9 16:07:07 tmm tmm1854: Rule zz : client 22:15602 - :80 server :15602 - 10.0.0.10:80 ethernet 00:0c:29:85:57:30 - 00:26:9e:79:2c:77 tag 4092 qos 0 - 200 1.1 - REDIR 0, Content-Length 514, Transfer-Encoding *TCP MSS(1460) BW(0) RTT(36) OFFSET(0) *IP TOS 0, HOPS 0, TTL 128, PKTS_IN 2, PKTS_OUT 3, BYTES_IN 912, BYTES_OUT 446 *HTTP HOST , KEEPALIVE 1, REQ_NUM 1

Slide 53: The four major problems

    When the application was created on the application server, it was restricted to accept only requests whose Host is the machine's real IP and port
    The application hard-codes URLs with the pool member's IP and port
    Anti-hotlinking restrictions
    Redirects to the IP and

Slide 54: Redirects to the IP and

    when HTTP_RESPONSE {
        if { [HTTP::status] == 302 } {
            if { [HTTP::header exists Location] } {
                set myLocation [HTTP::header Location]
                set idx [string first ":908" $myLocation 0]
                if { $idx > 0 } {
                    set mLocation [string replace $myLocation $idx [expr $idx + 4]]
                    HTTP::header replace Location $mLocation
                    log local0. "Location: $myLocation"
                }
                set idx [string first "https" $myLocation 0]
                if { $idx == 0 } {
                    set mLocation [string replace $myLocation $idx [expr $idx + 5] "http:"]
                    log local0. "mLocation: $mLocation"
                    HTTP::header replace Location $mLocation
                }
            }
        }
    }

The rule first checks the response. If the status is 302 it does two things:

    1. Replace :908 with nothing.
    2. If the Location returned with the 302 starts with https, change it to http.

$idx is the position of ":908xxxxxxx". In string replace $myLocation $idx [expr $idx + 4], $idx + 0 would take 1 character and $idx + 4 takes 5 characters, so 5 characters of the Location are replaced starting at idx, because :908X is 5 characters long. The span from idx to idx+5 is replaced with nothing.

For https, [expr $idx + 5] "http:" means that "https:" (exactly 6 characters) is deleted and "http:" is put in its place.

In set idx [string first ":908" $myLocation 0], the 0 is the offset: 0 means counting from the beginning, so :908 is searched for from the start of the Location. set idx [string first ":908" $myLocation 8] would start counting from position 8.

Slide 55: Usage

String search:

    % string first i microsoft 0
    1
    % string first i microsoft 1
    1
    % string first i microsoft 2
    -1
    % string first i microsift 2
    6

String replacement:

    % string replace abcde 2 1
    abcde
    % string replace abcde 2 2
    abde
    % string replace abcde 2 3
    abe
    % string replace abcde 2 4
    ab
    % string replace abcde 2 4 m
    abm

Slide 56: The application hard-codes URLs with the pool member's IP and port

    when HTTP_RESPONSE {
        # The STREAM profile is disabled by default because it consumes a lot of F5 CPU
        STREAM::disable
        # Check whether the returned data contains txt; if it does, run the commands below
        if { [HTTP::header va
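The string first / string replace index arithmetic used for the Location rewrite (slides 54 and 55) can be checked offline in tclsh. The following is an added example, not part of the original slides: the proc names and sample Location values are constructed, the two rewrite steps are applied one after the other, and rewrite_anchored goes beyond the slide by matching the port only when it directly follows the host name.

```tcl
# Added example (plain Tcl for tclsh; no iRule commands are used).
# Proc names and sample URLs are constructed for illustration.

# Slide-54 logic: fixed-width edits located with string first.
proc rewrite_by_index {loc} {
    # ":908" plus one more digit is 5 characters: indices idx .. idx+4.
    set idx [string first ":908" $loc 0]
    if {$idx > 0} {
        set loc [string replace $loc $idx [expr {$idx + 4}]]
    }
    # "https:" is 6 characters: indices 0 .. 5, replaced by "http:".
    if {[string first "https" $loc 0] == 0} {
        set loc [string replace $loc 0 5 "http:"]
    }
    return $loc
}

# Variant: strip :908x only when it directly follows the host name and is
# followed by a path, query, fragment or end of string, so a ":908" that
# appears later in the URL is left alone.
proc rewrite_anchored {loc} {
    regsub {^([a-z]+://[^/:?#]+):908[0-9](/|\?|#|$)} $loc {\1\2} loc
    regsub {^https:} $loc {http:} loc
    return $loc
}

# Constructed sample Location values.
set samples {
    https://app.example.com:9080/portal/login
    http://app.example.com/go?next=10.0.0.10:9081/admin
    https://app.example.com:908/short
}
foreach loc $samples {
    puts "in:       $loc"
    puts "by index: [rewrite_by_index $loc]"
    puts "anchored: [rewrite_anchored $loc]"
}
```

The second and third samples show where the fixed-width replace removes characters that are not the back-end port: a ":908" inside the query string, and the "/" that follows a three-digit port.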