This following sections cover the list of iRules automatically translated into Avi Controller policies.
Content Switching
iRules |
Corresponding Avi Policies |
|---|---|
XFP Insert ltm rule /Common/insert_x-forwarded-proto_rule {
when HTTP_REQUEST {
HTTP::header insert X_FORWARDED_PROTO "https"
}
} |
x_forwarded_proto_enabled: true |
Secure Cookie ltm rule /Common/RDN_set_secure_bit_on_cookie {
when HTTP_RESPONSE {
set myValues [HTTP::cookie names]
foreach mycookies $myValues {
HTTP::cookie secure $mycookies enable
}
}
} |
secure_cookie_enabled: true |
Match URI ltm rule /Common/match_path_payment {
when HTTP_REQUEST {
if { ([HTTP::uri] contains "/ws-test/") }{
pool payment_pool
}
}
} |
- rule_name: match_path_payment
type: HTTPPolicySet
avi_config:
name: match_path_payment
http_request_policy:
rules:
- index: 1
enable: true
name: match_path_payment
match:
path:
match_case: INSENSITIVE
match_str:
- "/ws-test/"
match_criteria: CONTAINS
switching_action:
action: HTTP_SWITCHING_SELECT_POOL
status_code: HTTP_LOCAL_RESPONSE_STATUS_CODE_200
pool_ref: "/api/pool?name=payment_pool"
is_internal_policy: false |
Match Path ltm rule /Common/strip_path {
when HTTP_REQUEST {
if { [HTTP::path] contains "-12345" } then {
# remove the HASHvalue from the path
HTTP::path [string map {"/test/-12345/" "/test/"} [HTTP::path]]
# send changed HTTP:URI/path to payment pool
pool payment_pool
}
}
} |
- rule_name: strip_path
type: HTTPPolicySet
avi_config:
rules:
- enable: true
index: 1
match:
path:
match_case: INSENSITIVE
match_criteria: CONTAINS
match_str:
- "-12345"
name: Rule 1
rewrite_url_action:
path:
tokens:
- end_index: 0
start_index: 0
type: URI_TOKEN_TYPE_PATH
- end_index: 65535
start_index: 2
type: URI_TOKEN_TYPE_PATH
type: URI_PARAM_TYPE_TOKENIZED
query:
keep_query: true
switching_action:
action: HTTP_SWITCHING_SELECT_POOL
status_code: HTTP_LOCAL_RESPONSE_STATUS_CODE_200
pool_ref: "/api/pool?name=payment_pool"
is_internal_policy: false |
Redirect ltm rule /Common/path_switch {
when HTTP_REQUEST {
switch -glob [HTTP::path] {
"/test-credit*" {
pool Pool_credit-trade_front_1
}
"/credit-kiosk*" {
pool Pool_credit-kiosk_1
}
}
}
} |
- rule_name: path_switch
type: HTTPPolicySet
avi_config:
name: path_switch
http_request_policy:
rules:
- enable: true
index: 1
match:
path:
match_case: INSENSITIVE
match_criteria: CONTAINS
match_str:
- "/test-credit"
name: path_switch_gbss_trade
switching_action:
action: HTTP_SWITCHING_SELECT_POOL
pool_ref: /api/pool?name=Pool_test_credit_front_1"
status_code: HTTP_LOCAL_RESPONSE_STATUS_CODE_200
- enable: true
index: 2
match:
path:
match_case: INSENSITIVE
match_criteria: CONTAINS
match_str:
- "/credit-kiosk"
name: path_switch_credit_kiosk
switching_action:
action: HTTP_SWITCHING_SELECT_POOL
pool_ref: "/api/pool?name=Pool_credit-kiosk_1"
status_code: HTTP_LOCAL_RESPONSE_STATUS_CODE_200
is_internal_policy: false
|
Match Host and Redirect ltm rule /Common/path_switch_multi {
when HTTP_REQUEST {
switch -glob [string tolower [HTTP::host]] {
lyncweb.corp.avinetworks.com* { pool avinetworks.lync_reverse_proxy_front_end_4443_pool }
# { pool yp.lync_reverse_proxy_front_end_4443_pool }
meet.avinetworks.com* { pool avinetworks.lync_reverse_proxy_front_end_4443_pool }
dialin.avinetworks.com* { pool avinetworks.lync_reverse_proxy_front_end_4443_pool }
lyncdiscover.avinetworks.com* { pool avinetworks.lync_reverse_proxy_front_end_4443_pool }
}
}
} |
- rule_name: path_switch_multi
type: HTTPPolicySet
avi_config:
name: path_switch_multi
http_request_policy:
rules:
- enable: true
index: 1
match:
host_hdr:
match_case: INSENSITIVE
match_criteria: HDR_BEGINS_WITH
value:
- lyncweb.corp.avinetworks.com
name: path_switch_multi_1
switching_action:
action: HTTP_SWITCHING_SELECT_POOL
pool_ref: /api/pool?name=avinetworks.lync_reverse_proxy_front_end_4443_pool
status_code: HTTP_LOCAL_RESPONSE_STATUS_CODE_200
- enable: true
index: 2
match:
host_hdr:
match_case: INSENSITIVE
match_criteria: HDR_BEGINS_WITH
value:
- meet.avinetworks.com
name: path_switch_multi_2
switching_action:
action: HTTP_SWITCHING_SELECT_POOL
pool_ref: /api/pool?name=avinetworks.lync_reverse_proxy_front_end_4443_pool
status_code: HTTP_LOCAL_RESPONSE_STATUS_CODE_200
- enable: true
index: 3
match:
host_hdr:
match_case: INSENSITIVE
match_criteria: HDR_BEGINS_WITH
value:
- dialin.avinetworks.com
name: path_switch_multi_3
switching_action:
action: HTTP_SWITCHING_SELECT_POOL
pool_ref: /api/pool?name=avinetworks.lync_reverse_proxy_front_end_4443_pool
status_code: HTTP_LOCAL_RESPONSE_STATUS_CODE_200
- enable: true
index: 4
match:
host_hdr:
match_case: INSENSITIVE
match_criteria: HDR_BEGINS_WITH
value:
- lyncdiscover.avinetworks.com
name: path_switch_multi_4
switching_action:
action: HTTP_SWITCHING_SELECT_POOL
pool_ref: /api/pool?name=avinetworks.lync_reverse_proxy_front_end_4443_pool
status_code: HTTP_LOCAL_RESPONSE_STATUS_CODE_200
is_internal_policy: false |
Multiple Branch with If when HTTP_REQUEST { if{ [HTTP::host] ends_with ".vmware.com"} { HTTP::redirect https://[HTTP::host][HTTP::uri] } else{ HTTP::redirect https://[HTTP::host].vmware.com[HTTP::uri] }} |
- avi_config:
http_request_policy:
rules:
- enable: true
index: 1
match:
host_hdr:
match_case: INSENSITIVE
match_criteria: HDR_ENDS_WITH
value:
- .vmware.com
name: test-endswith
redirect_action:
keep_query: true
port: 443
protocol: HTTPS
status_code: HTTP_REDIRECT_STATUS_CODE_302
- enable: true
index: 2
name: test-endswith-catchall
redirect_action:
host:
tokens:
- end_index: 65535
start_index: 0
type: URI_TOKEN_TYPE_HOST
- str_value: vmware.com
type: URI_TOKEN_TYPE_STRING
type: URI_PARAM_TYPE_TOKENIZED
keep_query: true
port: 443
protocol: HTTPS
status_code: HTTP_REDIRECT_STATUS_CODE_302
name: test-endswith
rule_name: test-endswith
type: HTTPPolicySet |
HTTP to HTTPS Redirect
iRule Example |
Avi Controller Configuration |
HTTP Policy |
|---|---|---|
With status code 302 ltm rule /Common/https_redirect {
when HTTP_REQUEST {
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
}
} |
"name": "System-Secure-HTTP",
"type": "APPLICATION_PROFILE_TYPE_HTTP",
"http_profile": {
"http_to_https": true, |
- avi_config:
http_request_policy:
rules:
- enable: true
index: 1
name: https_redirect
redirect_action:
keep_query: true
port: 443
protocol: HTTPS
status_code: HTTP_REDIRECT_STATUS_CODE_302
name: https_redirect
rule_name: https_redirect
type: HTTPPolicySet |
With status code 301 ltm rule /Common/https_301_redirect.irule {
when HTTP_REQUEST {
HTTP::respond 301 Location "https://[HTTP::host][HTTP::uri]"
}
} |
"name": "System-Secure-HTTP","type": "APPLICATION_PROFILE_TYPE_HTTP","http_profile": { "http_to_https": true, |
- avi_config:
http_request_policy:
rules:
- enable: true
index: 1
name: https_301_redirect.irule
redirect_action:
keep_query: true
port: 443
protocol: HTTPS
status_code: HTTP_REDIRECT_STATUS_CODE_301
name: https_301_redirect.irule
rule_name: https_301_redirect.irule
type: HTTPPolicySet |
HTTP to HTTPS Redirect
ltm rule /Common/https_redirect_host_only.irule {
when HTTP_REQUEST {
set host [HTTP::host]
HTTP::respond 302 Location "https://$host/"
}
} |
"name": "System-Secure-HTTP","type": "APPLICATION_PROFILE_TYPE_HTTP","http_profile": { "http_to_https": true, |
- avi_config:
http_request_policy:
rules:
- enable: true
index: 1
name: https_redirect_host_only.irule
redirect_action:
keep_query: true
port: 443
protocol: HTTPS
status_code: HTTP_REDIRECT_STATUS_CODE_302
name: https_redirect_host_only.irule
rule_name: https_redirect_host_only.irule
type: HTTPPolicySet |
Redirection
IRule Examples |
Avi HTTP Policies |
|---|---|
Redirect Match Host when HTTP_REQUEST {
if { [HTTP::host] equals "test5.test7.com"} {
HTTP::redirect "https://test5.test7.com[HTTP::uri]"
}
}
} |
- avi_config:
http_request_policy:
rules:
- enable: true
index: 1
match:
host_hdr:
match_case: INSENSITIVE
match_criteria: HDR_EQUALS
value:
- test7sps3-staging.scene7.com
name: staging_https
redirect_action:
host:
tokens:
- str_value: test7sps3-staging.test7.com
type: URI_TOKEN_TYPE_STRING
type: URI_PARAM_TYPE_TOKENIZED
keep_query: true
port: 443
protocol: HTTPS
status_code: HTTP_REDIRECT_STATUS_CODE_302
name: staging_https
rule_name: staging_https
type: HTTPPolicySet |
Redirect Match Host ltm rule /Common/foo.example_https {
when HTTP_REQUEST {
if { [HTTP::host] ends_with "foo.example.com"} {
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
}
}
} |
- avi_config:
http_request_policy:
rules:
- enable: true
index: 1
match:
host_hdr:
match_case: INSENSITIVE
match_criteria: HDR_ENDS_WITH
value:
- foo.example.com
name: f00.example.com
redirect_action:
keep_query: true
port: 443
protocol: HTTPS
status_code: HTTP_REDIRECT_STATUS_CODE_302
name: foo.example.com
rule_name: foo.example.com
type: HTTPPolicySet |
Redirect URI ltm rule /Common/L7TetsScriptsHttpsRedirect {
when HTTP_REQUEST {
if { [string tolower [HTTP::uri]] starts_with "/supportscripts" } {
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
}
}
} |
- avi_config:
http_request_policy:
rules:
- enable: true
index: 1
match:
path:
match_case: INSENSITIVE
match_criteria: BEGINS_WITH
match_str:
- /Testscripts
name: L7TestScriptsHttpsRedirect
redirect_action:
keep_query: true
port: 443
protocol: HTTPS
status_code: HTTP_REDIRECT_STATUS_CODE_302
name: L7TestScriptsHttpsRedirect
rule_name: L7TestScriptsHttpsRedirect
type: HTTPPolicySet |
Redirect: Match Host and Path ltm rule /v1-vpnlive30/crc_redirect_IR {
when HTTP_REQUEST {
if { [HTTP::host] equals "example.test7.com" and [HTTP::uri] contains "/foo/" } {
HTTP::redirect "https://marketing.foo.com/resources/help/en_US/s7/foo_api/image_rendering_api_ref.html"
}
}
} |
ltm rule /v1-vpnlive30/crc_redirect_IR {
when HTTP_REQUEST {
if { [HTTP::host] equals "example.test7.com" and [HTTP::uri] contains "/is-foo/" } {
HTTP::redirect "https://marketing.foo.com/resources/help/en_US/s7/foo_api/image_rendering_api_ref.html"
}
}
}
- avi_config:
http_request_policy:
rules:
- enable: true
index: 1
match:
host_hdr:
match_case: INSENSITIVE
match_criteria: HDR_EQUALS
value:
- example.test7.com
path:
match_case: INSENSITIVE
match_criteria: CONTAINS
match_str:
- /is-foo
name: crc_redirect_IR
redirect_action:
host:
tokens:
- str_value: marketing.foo.com
type: URI_TOKEN_TYPE_STRING
type: URI_PARAM_TYPE_TOKENIZED
keep_query: true
path:
tokens:
- str_value: resources/help/en_US/s7/foo_api/image_rendering_api_ref.html
type: URI_TOKEN_TYPE_STRING
type: URI_PARAM_TYPE_TOKENIZED
port: 443
protocol: HTTPS
status_code: HTTP_REDIRECT_STATUS_CODE_302
name: crc_redirect_IR
rule_name: crc_redirect_IR
type: HTTPPolicySet |
