HTTP Class Profile

What is the HTTP Class
The HTTP Class profile provides a way to match specific criteria from an HTTP connection and:
- Select a pool based on the specified criteria
- Perform a URI redirection based on the criteria
- Send all matching traffic through the Application Security Manager module based on the specified criteria
- Send all matching traffic through the Web Accelerator module based on the specified criteria
The HTTP Class is essentially a compiled-in version of an iRule.

HTTP Class Profile
- Found under the Profile > Protocol section
- Requires an HTTP profile on the Virtual Server

How does matching work?
See SOL5422 about matching.
The fields used to match against are as follows:
- Host name (ex. )
- URI Path (ex. /*.jpg)
- HTTP Header (ex. Accept-Encoding:gzip,deflate)
- Cookie (ex. BigIPServer)
Regular expressions can be used.
Multiple match selections within a defined HTTP Class are a logical AND.

Match Example
The HTTP class matches against the selected criteria and sends the request to the selected pool, and/or the URI can be rewritten if there is a match. In this example, if the host contains AND the URI path contains .jpg or .gif, then the request is sent to the image_pool.

Match Example
In this example, if the URI contains /secure/, then the BigIP will perform an HTTP 302 redirect to HTTPS using the incoming host and URI.
Note: the redirection syntax is the same as iRule syntax.

More uses
HTTP Class is also the link to the ASM or WA. Enable ASM or Enable WA for the HTTP Class and this will send all matching traffic to the enabled module before sending it on to the selected pool. The ASM or WA selections are only visible if the module is licensed.

HTTP Class association
- The HTTP Class requires an HTTP profile to be present on the virtual server
- HTTP Classes operate just like iRules when they are associated with the virtual server:
  - First listed, first parsed (order can be changed with the Up/Down buttons)
  - Fall through to the next listed
  - Default pool used if no HTTP class is matched

Troubleshooting
- If WAM or ASM are involved, disassociate them from the HTTP Class first.
- Create a test VIP without the class, and see if traffic flows to the pool members.
- Open up matching to * and see if traffic flows.
- Do your matches really match what you think? Review SOL5422 and confirm that you are matching what you want to match.

BigIP v9 Practical

iRules
- Programming language integrated into TMOS
  - TMOS (Traffic Management Operating System)
- Based on the industry-standard TCL language
  - TCL (Tool Command Language)
- iRules provide the ability to intercept, inspect, transform, direct and track inbound or outbound application traffic
- Core of the F5 "secret sauce" and key differentiator

iRules
What makes iRules so unique?
- Full-fledged scripts, executed against traffic on the network, at wire-speed
- Powerful logical operations combined with deep packet inspection
- The ability to route, re-route, re-direct, retry, or block traffic
- Community support, tools and innovation

iRules Myths - debunked
- iRules are slow! They kill network performance.
- Only software developers will understand how to write all that code
- It's a burden to users to make things this granular; they should be check-boxes or point and click like competitors
- F5 won't even support iRules for their customers
- No one is actually using iRules, it's just hype

How do iRules Work?
- Coded around Events, such as HTTP_REQUEST, HTTP_RESPONSE, CLIENT_ACCEPTED, etc.
- iRules allow you to perform deep packet inspection (entire header and payload)
- Full scripting language allows for bidirectional and granular control of inspection, alteration and delivery of application traffic on a packet-by-packet basis

Requests
[Diagram: Original Request, Modified Request*]
*Note: BIG-IP's bi-directional proxy capabilities allow it to inspect, modify and route traffic at nearly any point in the traffic flow, regardless of direction.

What can an iRule do?
- Read, transform, replace header or payload information (HTTP, TCP, SIP, etc.)
- Work with any protocol, such as SIP, RTSP, XML, others, whether with native (HTTP::cookie) or generic (TCP::payload) commands
- Make adjustments to TCP behavior, such as MSS, checking the RTT, deep payload inspection
- Authentication assistance, offload, inspection and more for LDAP, RADIUS, etc.
- Caching, compression, profile selection, rate shaping and much, much more

iRules React to Chain Events
iRules Events Are a Natural Part of TMOS Internal Real Time Process Flows
[Diagram: Client Side Context, Server Side Context]

Key elements of an iRule
- Event declarations
  - Define when code will be executed
  - Every iRule will have an event
- Operators
  - Define under what conditions you will perform an action
- iRule commands
  - Define the action to perform

iRule elements - Events
Events are anything that may trigger the processing of the rule in the first place.
Examples:
- HTTP_REQUEST
- HTTP_RESPONSE
- CLIENT_ACCEPTED
- LB_FAILED
Additional events found at

    when HTTP_REQUEST {
        # the host suffix is blank in the source
        if { [HTTP::host] ends_with "" } {
            pool http_pool1
        }
    }

Some iRule Events
- AUTH: AUTH_ERROR, AUTH_FAILURE, AUTH_RESULT, AUTH_SUCCESS, AUTH_WANTCREDENTIAL
- CACHE: CACHE_REQUEST, CACHE_RESPONSE
- CLIENTSSL: CLIENTSSL_CLIENTCERT, CLIENTSSL_HANDSHAKE
- DNS: DNS_REQUEST, DNS_RESPONSE, NAME_RESOLVED
- GLOBAL: LB_FAILED, LB_SELECTED, RULE_INIT
- HTTP: HTTP_CLASS_FAILED, HTTP_CLASS_SELECTED, HTTP_REQUEST, HTTP_REQUEST_DATA, HTTP_REQUEST_SEND, HTTP_RESPONSE, HTTP_RESPONSE_CONTINUE, HTTP_RESPONSE_DATA
- IP: CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, SERVER_CLOSED, SERVER_CONNECTED, SERVER_DATA
- LINE: CLIENT_LINE, SERVER_LINE
- RTSP: RTSP_REQUEST, RTSP_REQUEST_DATA, RTSP_RESPONSE, RTSP_RESPONSE_DATA
- SIP: SIP_REQUEST, SIP_REQUEST_SEND, SIP_RESPONSE
- SERVERSSL: SERVERSSL_HANDSHAKE
- STREAM: STREAM_MATCHED
- TCP: CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, SERVER_CLOSED, SERVER_CONNECTED, SERVER_DATA, USER_REQUEST, USER_RESPONSE
- UDP: CLIENT_ACCEPTED, CLIENT_CLOSED, CLIENT_DATA, SERVER_CLOSED, SERVER_CONNECTED, SERVER_DATA
- XML: XML_BEGIN_DOCUMENT, XML_BEGIN_ELEMENT, XML_CDATA, XML_END_DOCUMENT, XML_END_ELEMENT, XML_EVENT

iRule elements - Operators
There are two types of operators, Relational and Logical.
- Relational operators
  - contains, matches
  - equals
  - starts_with, ends_with, matches_regex, switch
- Logical operators
  - if, else, elseif
  - and, not, or

    when HTTP_REQUEST {
        if { [HTTP::host] ends_with "" } {
            pool http_pool1
        }
    }

    when HTTP_REQUEST {
        if { ([HTTP::host] ends_with "") or ([HTTP::uri] contains "/portal/") } {
            pool http_pool1
        }
    }

iRules Commands
- Statement commands - select the traffic destination
  - pool, which directs traffic to the named load balancing pool.
- Query commands - search for header and content data
  - IP::remote_addr, search and return the remote IP address
- Data manipulation commands
  - HTTP::header, inserts headers into HTTP requests.
- Utility commands - parsing and manipulating content
  - decode_uri, decodes the named string using HTTP URI encoding and returns the result.

    when HTTP_REQUEST {
        if { ([HTTP::host] ends_with "") or ([HTTP::uri] contains "/portal/") } {
            pool http_pool1
        }
    }

Sample of some iRules Commands

Solution: Special Protocol Handling

    rule FIX_regexp {
        when CLIENT_ACCEPTED {
            # start buffering the TCP payload
            TCP::collect
        }
        when CLIENT_DATA {
            # FIX tag 49 (SenderCompID), delimited by the SOH byte (0x01)
            if { [regexp {\x0149=(.*)\x01} [TCP::payload] - SenderCompID] } {
                persist uie $SenderCompID
                TCP::release
            } else {
                TCP::collect
            }
        }
    }

HOW IT WORKS
1. Client requests information from an application and is routed through BIG-IP
2. BIG-IP UIE inspects for specific information identified
3. iRule runs and queries payload (TCP::collect) for the specific identifier needed (SenderCompID)
4. Based upon rule, client request is persisted to a specific server dedicated to that user

Description
A large financial institution needed assistance with processing a specialized protocol (FIX = Financial Information Exchange) to direct specific users to dedicated pools of servers.
iRule Query identifies FIX SenderComp ID
[Diagram: HTTP Request, steps 1-4, Pool A, Pool B]
You can't do this with check boxes

iRules Example - BIG-IP Security
Request Throttling
Once an HTTP session has been established, a client can request a page thousands of times, tying up servers and creating a denial of service scenario. Request throttling can limit the number of times per session, per user, or per second that a page request can be made. BIG-IP can track users per IP, cookie, jsession ID, or other unique data. It can also apply the same logic to proprietary TCP applications.

    when HTTP_REQUEST {
        set cur_time [clock seconds]
        if { [HTTP::request_num] > 3 } {
            if { $cur_time == $start_time } {
                if { $reqs_sec > 3 } {
                    HTTP::respond 503 Retry-After 2
                }
                incr reqs_sec
                return
            }
            # the rest of the rule is cut off in the source
        }
    }
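
A complete per-connection form of the request throttle described above, as an added example (not from the original slides and not F5's own code); the variable names max_burst and max_per_sec and their values are assumptions. Its counters are connection-scoped, so it limits each keep-alive connection; tracking per IP or cookie, as the slide mentions, needs shared state and is not shown.

```tcl
# Added example: per-connection HTTP request throttle.
# max_burst and max_per_sec are assumed names and values.
when CLIENT_ACCEPTED {
    # Connection-scoped state, initialised once per client connection
    set max_burst   3                 ;# requests let through before throttling starts
    set max_per_sec 3                 ;# requests allowed per clock second after that
    set start_time  [clock seconds]   ;# start of the current one-second window
    set reqs_sec    0                 ;# requests counted in the current window
}

when HTTP_REQUEST {
    set cur_time [clock seconds]

    # The first few requests on a connection are never throttled
    if { [HTTP::request_num] <= $max_burst } {
        return
    }

    # A new clock second has started: open a fresh window
    if { $cur_time != $start_time } {
        set start_time $cur_time
        set reqs_sec 0
    }

    incr reqs_sec
    if { $reqs_sec > $max_per_sec } {
        # Over the limit for this second: answer from BIG-IP,
        # so the request never reaches a pool member
        HTTP::respond 503 Retry-After 2
        return
    }
}
```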