Lab 6: BIG-IP Policies and iRules
When clients attempt to access your secure_vs, you don’t want them to have to remember to type HTTPS before the web site address, but you also don’t want to open port 80 (HTTP) on your web servers, as that is just asking for trouble. To avoid this, you will create an HTTP virtual server that redirects HTTP requests to HTTPS and the secure_vs. You will also write an iRule and a BIG-IP policy that each retrieve images from a different pool of servers than the default pool attached to the virtual server. This will give you a simple comparison between the two methods. You will use a policy on the HTTP virtual server and an iRule on the HTTPS virtual server.
Using the Built-in https_redirect iRule
While it would be easy to write your own redirect iRule, F5 provides a prebuilt one that you can use.
Example of simple redirect iRule:
when HTTP_REQUEST { HTTP::redirect https://[HTTP::host][HTTP::uri] }
Go to Local Traffic >> iRules
Create your HTTP-to-HTTPS redirect virtual server.
- Go to Local Traffic >> Virtual Servers and create a new virtual server.
- Name: redirect_to_secure_vs
- Destination: <same IP as secure_vs>
- Service Port: 80 (HTTP)
- Source Address Translation: None <you don’t need this as this traffic is going nowhere>
- iRule: _sys_https_redirect
- Hit Finished
- WOW! That didn’t go too far, did it? You just got an error. If you are going to redirect the HTTP request, you need the HOST and URI information, and that requires the HTTP protocol.
- In the Configuration section make sure the default http profile is added to the virtual server
- HTTP Profile: http
- Select Finished
Test your policy by going to http://<ip address of your virtual>
- You should be redirected to the HTTPS virtual server
- As you can see, very small iRules can make a very big difference
Use a BIG-IP Policy to Retrieve Images From a Different Pool
Create a new pool named image_pool, use the http monitor for status, and add one member, 10.1.20.14:80.
First you will create your policy container and set your match strategy
- Try to do this using the instructions, but a screen shot of the policy is available in the Appendix at the end of the lab guide if you would like it.
Go to Local Traffic >> Policies >> Policy List and select Create
Now you can create/view policy rules by selecting Create
The policy is saved in Draft form and is not available until Published. To publish the policy:
Go to the Resources section of your www_vs virtual server and select Managed over the Policies box
Now test your change by browsing to http://10.1.10.100
Use an iRule to Retrieve Images From a Different Pool
Now you will use an iRule to perform the same image retrieval. Your image_pool is already created.
Go to Local Traffic >> iRules and select Create
Name: access_image_pool
In the Definition section enter the following:
This activity is not meant to be “cut and paste”. We want you to get comfortable and familiar with typing iRules inside the GUI.
Save your iRule and go to the Resources section of your secure_vs and select iRules >> Manage
- Move your access_image_pool iRule into the Enabled box
Test your secure_vs virtual by going to https://10.1.10.105
- The results should be the same as before
Extra Credit! Change both the policy and iRule to access the image_pool for png file types
- You should notice one is easier to update than the other
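One way an image-steering iRule such as access_image_pool could be written, as an added example that is not the lab guide's own definition. It assumes "images" means request paths ending in .jpg and goes one step further by also covering the extra-credit .png case and mixed-case extensions.

```tcl
# Added example, not the lab guide's own iRule definition.
# Assumption: image requests are identified by a .jpg path suffix;
# .png is included for the extra-credit step.
when HTTP_REQUEST {
    # Match on HTTP::path rather than HTTP::uri so that a query string
    # (for example /page.php?file=x.jpg) does not steer a non-image
    # request to image_pool. Lower-casing the path makes the match
    # case-insensitive (.JPG, .Jpg).
    switch -glob -- [string tolower [HTTP::path]] {
        "*.jpg" -
        "*.png" {
            pool image_pool
        }
        default {
            # No pool command here: the request is load balanced to the
            # default pool attached to the virtual server.
        }
    }
}
```

The iRule relies on the virtual server having an HTTP profile, for the same reason the redirect virtual server needed one: HTTP::path is only available once BIG-IP parses the request as HTTP.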