贴几个F5公司2005 iRule大赛的获奖iRule

全部 Linux 数据库敏捷编程数据结构软件测试项目管理 Oracle 编程综合互联网 Erlang MySQL

浏览 7955 次

锁定老帖子主题：贴几个F5公司2005 iRule大赛的获奖iRule 精华帖 (0) :: 良好帖 (0) :: 新手帖 (0) :: 隐藏帖 (0)
作者	正文
wdmsyf 等级: 性别: 文章: 140 积分: 505 来自: 厦门	发表时间：2006-11-30 相关推荐: 从ActionScript 2.0迁移到ActionScript 3.0: 主要概念和更改-使用事件使用ActionScript 2.0或ActionScript 3.0处理音频文件的提示点（cue 一步一步学ActionScript 2.0(八) Flash/Flex/AIR：ActionScript 2定时器－－基于观察者模式的实现 ActionScript2 delegate 研究(下) 更多相关推荐这几天学习iRule，参考了F5网站上不少例子，顺便也把２００５年iRule大赛的部分获奖iRule贴一下，一是备忘，二是供有需要的兄弟参考。 Tcl/Tk 代码 F5网站上iRule大赛的获奖iRule rule web_request { when HTTP_REQUEST { set ramcache_enable 0 if { [matchclass [IP::remote_addr] equals $::banned_ips] } { reject } if { [matchclass [HTTP::header Host] equals $::spec_hosts] } { if { [HTTP::header Host] starts_with "stat" } { set ramcache_enable 1 use pool web_stat } elseif { [HTTP::header Host] starts_with "userpic" } { use pool web_proxy } elseif { [HTTP::header Host] starts_with "files" } { use pool web_proxy } elseif { [HTTP::header Host] starts_with "mrtg" } { use pool web_mrtg } } elseif { [HTTP::uri] starts_with "/userpic/" } { if { [HTTP::header If-Modified-Since] contains ":" } { HTTP::respond 304 } else { use pool web_proxy } } elseif { [HTTP::uri] starts_with "/directory.bml" } { use pool web_directory } elseif { [matchclass [HTTP::uri] starts_with $::static_dirs] } { set ramcache_enable 1 use pool web_static } elseif { [HTTP::uri] starts_with "/interface/atom" } { use pool nokia_lifeblog } else { use pool web_proxy } } when CACHE_REQUEST { if { $ramcache_enable == 0 } { CACHE::disable } } } ======================================= when RULE_INIT { set ::maxconnect 200 set ::freezetime 600 array set ::users { } array set ::spammers { } } when CLIENT_ACCEPTED { set clientip [IP::remote_addr] set now [clock second] if { [ info exists ::spammers($clientip) ] } { set timeelapsed [expr $now - $::spammers($clientip)] if { $::freezetime > $timeelapsed } { incr ::users(nb,$clientip) reject return } else { if { [ $::users(nb,$clientip) ] > $::maxconnect } { # this guy is still trying to spam, even when blacklisted # we keep him blacklisted, but we reset the counters set ::spammers($clientip) $now set ::users(nb,$clientip) 1 set ::users(time,$clientip) $now log "client $clientip remains in spammerslist $::users(nb,$clientip connections rejected in the last $::freezetime seconds" reject return } else { unset ::spammers($clientip) log "client $clientip removed from spammerslist $::users(nb,$clientip) connections rejected in the last $::freezetime seconds" } } } if { [ info exists ::users(nb,$clientip)] } { log "autre passage $clientip $now $::users(nb,$clientip)" incr ::users(nb,$clientip) if { $::users(nb,$clientip) > $::maxconnect } { set ::spammers($clientip) $now set ::users(nb,$clientip) 1 set ::users(time,$clientip) $now log "client $clientip added to spammerslist $::users(nb,$clientip connections accepted in the last $::freezetime seconds" reject return } } else { # First Time we see this clientip set ::users(nb,$clientip) 1 set ::users(time,$clientip) $now log "PREMIER CLIENT $clientip $now" } pool mail-smtp } ============================================ when RULE_INIT { # F5 iRule for performing rewriting of # # - HTTP-request URI:s # # and # # - HTTP-response 'Location' headers # (redirect rewrite's) # # Define URI rewrite rules here set ::request_rewrite [list "/a /b" "/foo /bar"]; # Define Redirect Rewrite rules here set ::redirect_rewrite [list "http://10.1.2.3/a /b"] } when HTTP_REQUEST { set uri [HTTP::uri]; log LOCAL0.debug "URI=$uri"; # check all 'request_rewrite' rules.. # break when first match is found.. foreach x $::request_rewrite { set a [getfield $x " " 1]; log LOCAL0.debug "? uri start_with '$a' ..."; if { $uri starts_with $a } { set b [getfield $x " " 2]; log LOCAL0.debug "...yes, replace '$a' with '$b'"; set len [string length $a]; set tmp [substr $uri $len]; set uri "${b}${tmp}"; log LOCAL0.debug "URI=$uri"; HTTP::uri $uri; break; } } } when HTTP_RESPONSE { # check if redirect (HTTP status 3xx) # and 'Location:' header exists... # # return immediately if # there is nothing to rewrite if { [HTTP::status] starts_with "3" } { set location [HTTP::header "Location"]; if { $location == "" } { return; } } else { return; } # check all 'ProxyPassReverse' entries.. # and 'break' when first match is found... log LOCAL0.debug "Location: $location (check for rewrites)"; foreach x $::redirect_rewrite { set a [getfield $x " " 1]; log LOCAL0.debug " ? starts_with '$a' ... "; if { $location starts_with $a } { set b [getfield $x " " 2]; log LOCAL0.debug "...yes, replace '$a' with '$b'"; set len [string length $a]; set tmp [substr $location $len]; set location "${b}${tmp}"; log LOCAL0.debug "Location: $location"; HTTP::header replace "Location" $location; break; } } } ========================================== rule my-iRule { when CLIENT_ACCEPTED { if { [active_members my-pool] == 0 } { discard } else { use pool my-pool if { ([IP::client_addr] eq "1.1.1.8") \|\| ([IP::client_addr] eq "1.2.1.8") } { persist none } else { persist source_addr 1800 } } } } ====================================== when HTTP_REQUEST { set DEBUG 1 if { $FINISHED } { return } # REDIRECTS for So. Cal users set refer_host [URI::host [HTTP::header "Referer"]] log local0. "Referer: ${refer_host} IP: [IP::remote_addr]" if { [IP::remote_addr] starts_with "10.120." } { if { not (${refer_host} starts_with "intranet") } { if { [HTTP::uri] == "/" \|\| [HTTP::uri] == "" \|\| [HTTP::uri] == "/our/intranet/site"} { if { $DEBUG } { log local0. "SoCal redirect: [ IP::remote_addr ]" log local0. "URI: [ HTTP::uri ]" log local0. "Referer: ${refer_host}" } HTTP::redirect "http://${host}/intranet/socal" set FINISHED 1 return } } } } ========================================== when HTTP_REQUEST { ## ## Default Variables ## set uriValue [HTTP::uri] set srcAddr [IP::remote_addr] set internalHost http://internal.example.com set sendCacheControl 0 # 1 is compressed, 0 is not set compress_client_ok 1 ## ## Compression ## if { $srcAddr starts_with "10.1.1." } { # Disabling Compression for Client 1 set compress_client_ok 0 } elseif { $srcAddr starts_with "10.2.2." } { # Disabling Compression for Client 2 set compress_client_ok 0 } elseif { $srcAddr starts_with "10.3.3." } { # Disabling Compression for Client 3 # Except for NPS if { $uriValue starts_with "/nps/" } { set compress_client_ok 1 } else { set compress_client_ok 0 } } elseif { $srcAddr starts_with "192.168.113." } { # The lab for testing set compress_client_ok 0 } ## ## Generic Redirects ## if { $uriValue starts_with "/forme" } { HTTP::uri /index.html } elseif { $uriValue starts_with "/formf" } { HTTP::uri /index_f.html } elseif { $uriValue starts_with "/fape" } { HTTP::uri /fapindex.html } elseif { $uriValue starts_with "/fapf" } { HTTP::uri /fapindex_f.html } elseif { $uriValue starts_with "/vace" } { HTTP::uri /vacindex.html } elseif { $uriValue starts_with "/vacf" } { HTTP::uri /vacindex_f.html } elseif { $uriValue starts_with "/idcd" } { HTTP::uri /idcd.html } elseif { $uriValue starts_with "/johnson" } { HTTP::uri /johnsonindex.html } elseif { $uriValue starts_with "/pplus" } { HTTP::redirect $internalHost/forms90/f90nosec?config=pplus } ## ## Start the WebSphere 4 Configuration ## if { $uriValue starts_with "/sso/" } { HTTP::header replace HOST sso-app.example.com:8000 pool was } elseif { $uriValue starts_with "/nps/" } { HTTP::header replace HOST nps-app.example.com:8000 pool was } elseif { $uriValue starts_with "/qar/" } { HTTP::header replace HOST qar-app.example.com:8000 pool was-qar } elseif { $uriValue starts_with "/prs" } { HTTP::header replace HOST prs-app.example.com:8000 pool was } elseif { $uriValue starts_with "/inqportal/" } { HTTP::header replace HOST ip-app.example.com:8000 pool was } elseif { $uriValue starts_with "/gmp/" } { HTTP::header replace HOST gmp-app.example.com:8000 pool was } elseif { $uriValue starts_with "/lws/" } { HTTP::header replace HOST lw-app.example.com:8000 pool was } elseif { $uriValue starts_with "/oms/" } { HTTP::header replace HOST om-app.example.com:8000 pool was } elseif { $uriValue starts_with "/es/" } { if { $uriValue contains "u_.uhtml" } { set sendCacheControl 1 } pool was-es } elseif { $uriValue starts_with "/wsso/" } { regsub "/wsso/" $uriValue "/" newURI HTTP::header replace HOST abcclogin-app.example.com:8000 HTTP::uri $newURI pool was } elseif { $uriValue starts_with "/ABCCLogin/" } { HTTP::header replace HOST abcclogin-app.example.com:8000 pool was } ## ## Starting the Oracle Application Server Configuration ## if { $uriValue starts_with "/discoverer/osso_login_success" } { regsub "/discoverer/" $uriValue "/" newURI HTTP::uri $newURI pool oas-disco } elseif { $uriValue starts_with "/discoverer/osso_logout_success" } { regsub "/discoverer/" $uriValue "/" newURI HTTP::uri $newURI pool oas-disco } elseif { $uriValue starts_with "/osso_login_success" } { if { [HTTP::header refer] contains "/discoverer/" } { pool oas-disco } else { pool oas-app } } elseif { $uriValue starts_with "/osso_logout_success" } { if { [HTTP::header refer] contains "/discoverer/" } { pool oas-disco } else { pool oas-app } } elseif { $uriValue starts_with "/portal/pls/" } { regsub "/portal/" $uriValue "/" newURI HTTP::uri $newURI pool oas-app } elseif { $uriValue starts_with "/infra/pls/" } { regsub "/infra/" $uriValue "/" newURI HTTP::uri $newURI pool oas-infra } elseif { $uriValue starts_with "/sso_mes/forms90/" } { regsub "/sso_mes/" $uriValue "/" newURI HTTP::uri $newURI pool oas-app } elseif { $uriValue starts_with "/sso_cmf/forms90/" } { regsub "/sso_cmf/" $uriValue "/" newURI HTTP::uri $newURI pool oas-app } elseif { $uriValue starts_with "/orasso/" } { regsub "/orasso/" $uriValue "/pls/orasso" newURI HTTP::uri $newURI pool oas-infra } elseif { $uriValue starts_with "/reports" } { pool oas-app } elseif { $uriValue starts_with "/forms90" } { pool oas-app } elseif { $uriValue starts_with "/discoverer" } { pool oas-disco } elseif { $uriValue starts_with "/jinitiator" } { pool oas-app } elseif { $uriValue starts_with "/vac/" } { pool oas-app } elseif { $uriValue starts_with "/icons/" } { pool oas-app } elseif { $uriValue starts_with "/images/" } { pool oas-app } elseif { $uriValue starts_with "/pls/" } { pool oas-infra } ## ## Starting the WebSphere 6 Configuration ## if { $uriValue starts_with "/UWAWeb/" } { pool was6 } elseif { $uriValue starts_with "/RAWeb/" } { pool was6 } elseif { $uriValue starts_with "/PlanAA" } { pool was6 } elseif { $uriValue starts_with "/GroupCCWeb/" } { pool was6 } elseif { $uriValue starts_with "/AgentBonusWeb/" } { pool was6 } elseif { $uriValue starts_with "/ftp/" } { pool was6 } elseif { $uriValue starts_with "/PMP/" } { pool was6 } ## ## End of HTTP_REQUEST Configuration ## } when HTTP_RESPONSE { ## ## Default Variables for this Section ## set location [HTTP::header location] set destHost "//internal.example.com" set sunHost "//bcsun...example.com:800." set unifiHost "-app.example.com:8000" set wwwHost "//wserv1.example.com" set webAppHost "//webappi.example.com" set hdr_content_type [string tolower [HTTP::header Content-Type]] ## ## Compression ## if { $hdr_content_type starts_with "text/" or $hdr_content_type equals "application/x-javascript" or $hdr_content_type equals "application/xml" } { if { $compress_client_ok == 1 } { COMPRESS::enable HTTP::header insert Vary Accept-Encoding } } ## ## Sending HTTP/1.1 Cache-Control Header if required ## if { $sendCacheControl equals 1 } { HTTP::header replace Cache-Control "no-store, no-cache, must-revalidate, post-check=0, pre-check=0" } ## ## Ensuring the location header is correct ## if { [regexp "\/\/....$unifiHost" $location] } { regsub "\/\/....$unifiHost" $location $destHost newLocation HTTP::header replace location $newLocation } elseif { [regexp "\/\/...$unifiHost" $location] } { regsub "\/\/...$unifiHost" $location $destHost newLocation HTTP::header replace location $newLocation } elseif { [regexp "\/\/..$unifiHost" $location] } { regsub "\/\/..$unifiHost" $location $destHost newLocation HTTP::header replace location $newLocation } elseif { $location contains $wwwHost } { regsub $wwwHost $location $destHost newLocation HTTP::header replace location $newLocation } elseif { $location contains $webAppHost } { regsub $webAppHost $location $destHost newLocation HTTP::header replace location $newLocation } elseif { $location contains $sunHost } { regsub $sunHost $location $destHost newLocation HTTP::header replace location $newLocation } ## ## End of HTTP_RESPONSE Configuration ## } ============================================ when RULE_INIT { array set ::CLIENT_SERVERS { #SITE B CLIENT SERVERS #SERVER IP #SERVER VIP 10.10.70.128 10.10.69.50 10.10.70.129 10.10.69.50 10.10.70.130 10.10.69.50 10.10.70.131 10.10.69.50 10.10.70.132 10.10.69.50 10.10.70.133 10.10.69.50 10.10.70.134 10.10.69.50& 声明：ITeye文章版权属于作者，受法律保护。没有作者书面许可不得转载。推荐链接
返回顶楼

wdmsyf 等级: 性别: 文章: 140 积分: 505 来自: 厦门	发表时间：2006-11-30 可恶，后面部分贴不上去，不知每个贴子限多少字数。补在这里吧： #SITE A CLIENT SERVERS #SERVER IP #SERVER VIP 10.10.22.130 10.10.21.50 10.10.22.131 10.10.21.50 10.10.22.132 10.10.21.50 10.10.22.133 10.10.21.50 10.10.22.134 10.10.21.50 10.10.22.135 10.10.21.50 } } when HTTP_REQUEST { if { [HTTP::cookie exists "my_cookie"] { HTTP::cookie decrypt "my_cookie" "iggus99!" set vipid [lindex [HTTP::cookie my_cookie] 0] set poolid [lindex [HTTP::cookie my_cookie] 1] set serverid [lindex [HTTP::cookie my_cookie] 2] set portid [lindex [HTTP::cookie my_cookie] 3] if { [catch { use pool $poolid member $serverid $portid }] } { log "$serverid:$portid not local, redirecting to https://$vipid/[HTTP::uri]/" redirect to "https://$vipid/[HTTP::uri]/" #reject return } else { use pool $poolid member $serverid $portid } } } when HTTP_RESPONSE { HTTP::cookie insert name my_cookie value [concat [virtual name] [LB::server]] HTTP::cookie encrypt "my_cookie" "iggus99!" } ================================================ # All incoming requests are terminated on the same load balanced HTTPS virtual server. # Search for XMLSOAP tag field and replace https:// with http:// as # we're terminating SSL on the BIGIP. when HTTP_REQUEST { if { [string tolower [HTTP::uri] ] starts_with "/soapapp/" } { set clen [HTTP::header Content-Length] if { not [info exists clen] or "" eq $clen } { set clen 4096 } HTTP::collect $clen # Forward to SOAP Servers pool soapservers-http persist none } else { # Forward to main Web Servers pool webservers-http persist cookie } } when HTTP_REQUEST_DATA { set old_content "To>https://" set new_content "To>http://" set len_old_content [string length $old_content] set offset [string first $old_content [HTTP::payload]] if { $offset >= 0 && [expr { $offset + $len_old_content }] <= [HTTP::header Content-Length] } { HTTP::payload replace $offset $len_old_content $new_content if { [HTTP::header exists Content-Length] } { set clen [HTTP::header Content-Length] if { [info exists clen] and "" ne $clen } { set nclen [expr { $clen - [string length $old_content] + [string length $new_content] }] HTTP::header replace Content-Length $nclen } } } } ============================================ #Written by Adam Kramer (akramer@netifice.com) for Netifice Corporation #July, 2005 when CLIENT_ACCEPTED { TCP::collect 2 } when CLIENT_DATA { #read initial socks handshake - the version number, and the number of auth methods supported binary scan [TCP::payload] cc socksver numauthmethods if { $socksver != 5 } { log local0. "Got non-socks connection from client [IP::remote_addr]" reject return } #set offset to the beginning of the second packet (SSL negotiation) set offset [expr {2 + $numauthmethods}] if { [TCP::payload length] == $offset } { #only respond if exactly the right amount of data was sent TCP::respond [binary format H2H2 05 86] TCP::collect [expr {$offset + 1}] return } #more data than the offset, this means we got the first packet of the SSL negotiation if { [TCP::payload length] > $offset} { # 4 bytes is the length of the SOCKS SSL header, 1 byte gets to the SSL version field #another 41 bytes past that is the session length, immediately following is the session (if it exists) #binary scan gracefully handles the string being too short, so we can safely read all 3 values here binary scan [TCP::payload] "x[expr {$offset + 5}]cx41ch32" sslversion sessionlength hexid if { $sslversion != 3 } { log local0. "Received wrong SSL version in header from client [IP::remote_addr]" reject return } if { $sessionlength == 0 } { #this is a new connection, allow normal server selection return } else { persist universal $hexid return } } #this should never happen, but a bad client might do it, moved to bottom for performance if { [TCP::payload length] < $offset } { TCP::collect $offset return } } when SERVER_CONNECTED { #send current full payload from client to server, we need server's ssl hello #also delete client payload - replace returns the replaced characters, doing both in one shot saves 50,000 cycles TCP::respond [clientside {TCP::payload replace 0 [TCP::payload length] ""}] # 5 bytes should do it, only 2 bytes to the first socks handshake TCP::collect 5 } when SERVER_DATA { #remove initial protocol negotiation since we already did that with client TCP::payload replace 0 2 "" # 4 bytes for socks ssl header, 44 for offset of session id binary scan [TCP::payload] "x48h32" hexid #need to add a session state for the case where the client didn't send a session ID #calling persist as is commented out below does not add it - bug? the "1" is arbitrary just to make an entry #persist universal $hexid session add universal $hexid 1 } =================================================
返回顶楼	回帖地址 0 0 请登录后投票

dogstar 等级: 性别: 文章: 376 积分: 312 来自: 杭州	发表时间：2006-12-05 最好先科普一下这东西是什么，google了半天，也没有出来什么介绍。呵呵
返回顶楼	回帖地址 0 0 请登录后投票

论坛首页 → 综合技术版

跳转论坛: