
F5 BIG-IP Application Services 3 Extension
Apache License 2.0

AS3 missing Host value equivalent to LTM Policy #682

Closed donE89 closed 8 months ago

donE89 commented 1 year ago

Policy: ltm policy policy.somesite.com { controls { forwarding } last-modified 2022-10-19:21:37:10 requires { http } rules { "Redirect Rule" { actions { 0 { http-reply redirect location tcl:https://somesite-wiam.com[HTTP::uri] } } conditions { 0 { http-host host values { somesite.com } } } } } status published strategy first-match }

AS3 Input { "class": "AS3", "action": "dry-run", "declaration": { "class": "ADC", "schemaVersion": "3.41.0", "target": { "address": "10.47.200.211" }, "t_10.x.x.x": { "class": "Tenant", "remark": "AppID: 100294", "somesite.443.tcp.app": { "class": "Application", "template": "generic", "label": "https-bridge-app", "somesite.443.vs": { "class": "Service_HTTPS", "enable": true, "virtualAddresses": [ "10.x.x.x" ], "virtualPort": 443, "redirect80": false, "serverTLS": "somesite.c.ssl.pf", "clientTLS": { "bigip": "/Common/serverssl" }, "profileHTTP": { "bigip": "/Common/http" }, "iRules": [ "somesite.irule.csr.access.uat3.int.ally.com.redirects" ], "pool": "somesite.pool", "persistenceMethods": [ { "bigip": "/Common/cookie.bigip-encryption" } ], "policyEndpoint": [ { "use": "policy.somesite" } ], "snat": { "bigip": "/Common/SNATS_BANK_MDL1" }, "profileTCP": { "bigip": "/Common/tcp-lan-optimized" }, "profileAnalytics": { "bigip": "/Common/analytics" } }, "somesite.pool": { "class": "Pool", "loadBalancingMode": "round-robin", "slowRampTime": 10, "members": [ { "servicePort": 8484, "shareNodes": true, "adminState": "enable", "serverAddresses": [ "10.46.88.75" ] }, { "servicePort": 8484, "shareNodes": true, "adminState": "enable", "serverAddresses": [ "10.46.88.76" ] } ], "monitors": [ { "bigip": "/Common/tcp" } ] }, "policy.somesite": { "rules": [ { "name": "Redirect Rule", "conditions": [ { "event": "request", "type": "httpHeader", "host": { "values": [ "somesite" ], "operand": "equals" } } ], "actions": [ { "event": "request", "type": "httpRedirect", "location": "tcl:https://somenewsite.com[HTTP::uri]" } ] } ], "strategy": "first-match", "class": "Endpoint_Policy" }, "pool.tridion2011.uat3.8052": { "members": [ { "addressDiscovery": "static", "servicePort": 8052, "serverAddresses": [ "10.46.130.157", "10.46.130.160", "10.45.88.54", "10.45.88.55" ], "shareNodes": true } ], "monitors": [ { "bigip": "/Common/tcp_15" } ], "class": "Pool" }, "pool.somesite.8484": { "members": 
[ { "addressDiscovery": "static", "servicePort": 6301, "serverAddresses": [ "10.46.131.36", "10.46.131.39" ], "shareNodes": true }, { "addressDiscovery": "static", "servicePort": 8484, "serverAddresses": [ "10.46.88.75", "10.46.88.76" ], "shareNodes": true } ], "monitors": [ { "bigip": "/Common/tcp" } ], "class": "Pool" }, "somesite.443.cert": { "certificate": { "bigip": "/Common/lb-somesite" }, "privateKey": { "bigip": "/Common/lb-somesite" },

  "class": "Certificate"
},
"somesite.c.ssl.pf": {
  "certificates": [
    {
      "certificate": "somesite.443.cert"
    }
  ],
  "ciphers": "ALL:!TLSv1:!TLSv1_1:!DHE:!SHA:!MD5:!ADH:!EXPORT:!EXP",
  "class": "TLS_Server"
}

} } } }

Error: { "code": 422, "errors": [ "/t_10.x.x.x/somesite.443.tcp.app/policy.somesite/rules/0/conditions/0: should have required property 'all'" ], "declarationFullId": "", "message": "declaration is invalid" }

dstokesf5 commented 1 year ago

@donE89 Have you tried using httpHeader: https://github.com/F5Networks/f5-appsvcs-extension/issues/397#issuecomment-747603366 ?

donE89 commented 1 year ago

In this particular scenario that workaround does not suffice.

dstokesf5 commented 9 months ago

Can you please elaborate on your use case to help us understand why the HTTP header option does not work for host checking? From my understanding, the host condition just checks the Host header.

RobCupples commented 9 months ago

Support for an HTTP host condition in Endpoint_Policy was added in 3.47.0, which I think might cover your need. I'm sorry to say we missed reporting it here when it came out. Can you take a look and see if this works for you?

Here is an example declaration using it --

{
    "class": "ADC",
    "schemaVersion": "3.47.0",
    "remark": "HTTP Host condition with LTM policy",
    "Tenant": {
        "class": "Tenant",
        "Application": {            
            "class": "Application",
            "http_host_service": {
                "class": "Service_HTTP",
                "virtualAddresses": [
                    "10.0.1.10"
                ],
                "policyEndpoint": "http_host_policy",
                "profileHTTP": {
                    "use": "httpProfile"
                }
            },
            "httpProfile": {
                "class": "HTTP_Profile",
                "proxyConnectEnabled": true,
                "proxyType": "explicit",
                "resolver": {
                    "bigip": "/Common/f5-aws-dns"
                }
            },
            "hostnames": {
                "class": "Data_Group",
                "keyDataType": "string",
                "records": [
                    {
                        "key": "testKey",
                        "value": "test.com"
                    },
                    {
                        "key": "exampleKey",
                        "value": "example.com"
                    }
                ]
            },
            "http_host_policy": {
                "class": "Endpoint_Policy",
                "rules": [
                    {
                        "name": "http_host_1",
                        "conditions": [
                            {
                                "type": "httpHost",
                                "event": "proxy-request",
                                "all": {
                                    "operand": "contains",
                                    "datagroup": {
                                        "bigip": "/Common/hostnames"
                                    }
                                }
                            }
                        ]
                    },
                    {
                        "name": "http_host_2",
                        "conditions": [
                            {
                                "type": "httpHost",
                                "event": "request",
                                "host": {
                                    "operand": "ends-with",
                                    "values": [
                                        "test.com",
                                        "example.com"
                                    ]
                                },
                                "caseSensitive": true
                            }
                        ]
                    },
                    {
                        "name": "http_host_3",
                        "conditions": [
                            {
                                "type": "httpHost",
                                "event": "proxy-connect",
                                "port": {
                                    "operand": "equals",
                                    "values": [
                                        8080,
                                        8443
                                    ]
                                }
                            }
                        ]
                    }
                ]
            }
        }
    }
}
jmcalalang commented 9 months ago

Awesome! Thank you for coming back to this one and letting us know! We're upgrading from 3.41 to 3.47 and will give this a try!

github-actions[bot] commented 8 months ago

This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further.