浏览 7957 次
精华帖 (0) :: 良好帖 (0) :: 新手帖 (0) :: 隐藏帖 (0)
|
|
---|---|
作者 | 正文 |
发表时间:2006-11-30
这几天学习iRule,参考了F5网站上不少例子,顺便也把2005年iRule大赛的部分获奖iRule贴一下,一是备忘,二是供有需要的兄弟参考。 Tcl/Tk 代码
声明:ITeye文章版权属于作者,受法律保护。没有作者书面许可不得转载。
推荐链接
|
|
返回顶楼 | |
发表时间:2006-11-30
可恶,后面部分贴不上去,不知每个贴子限多少字数。补在这里吧:
#SITE A CLIENT SERVERS #SERVER IP #SERVER VIP 10.10.22.130 10.10.21.50 10.10.22.131 10.10.21.50 10.10.22.132 10.10.21.50 10.10.22.133 10.10.21.50 10.10.22.134 10.10.21.50 10.10.22.135 10.10.21.50 } } when HTTP_REQUEST { if { [HTTP::cookie exists "my_cookie"] { HTTP::cookie decrypt "my_cookie" "iggus99!" set vipid [lindex [HTTP::cookie my_cookie] 0] set poolid [lindex [HTTP::cookie my_cookie] 1] set serverid [lindex [HTTP::cookie my_cookie] 2] set portid [lindex [HTTP::cookie my_cookie] 3] if { [catch { use pool $poolid member $serverid $portid }] } { log "$serverid:$portid not local, redirecting to https://$vipid/[HTTP::uri]/" redirect to "https://$vipid/[HTTP::uri]/" #reject return } else { use pool $poolid member $serverid $portid } } } when HTTP_RESPONSE { HTTP::cookie insert name my_cookie value [concat [virtual name] [LB::server]] HTTP::cookie encrypt "my_cookie" "iggus99!" } ================================================ # All incoming requests are terminated on the same load balanced HTTPS virtual server. # Search for XMLSOAP tag field and replace https:// with http:// as # we're terminating SSL on the BIGIP. when HTTP_REQUEST { if { [string tolower [HTTP::uri] ] starts_with "/soapapp/" } { set clen [HTTP::header Content-Length] if { not [info exists clen] or "" eq $clen } { set clen 4096 } HTTP::collect $clen # Forward to SOAP Servers pool soapservers-http persist none } else { # Forward to main Web Servers pool webservers-http persist cookie } } when HTTP_REQUEST_DATA { set old_content "To>https://" set new_content "To>http://" set len_old_content [string length $old_content] set offset [string first $old_content [HTTP::payload]] if { $offset >= 0 && [expr { $offset + $len_old_content }] <= [HTTP::header Content-Length] } { HTTP::payload replace $offset $len_old_content $new_content if { [HTTP::header exists Content-Length] } { set clen [HTTP::header Content-Length] if { [info exists clen] and "" ne $clen } { set nclen [expr { $clen - [string length $old_content] + [string length $new_content] }] HTTP::header replace Content-Length $nclen } } } } ============================================ #Written by Adam Kramer (akramer@netifice.com) for Netifice Corporation #July, 2005 when CLIENT_ACCEPTED { TCP::collect 2 } when CLIENT_DATA { #read initial socks handshake - the version number, and the number of auth methods supported binary scan [TCP::payload] cc socksver numauthmethods if { $socksver != 5 } { log local0. "Got non-socks connection from client [IP::remote_addr]" reject return } #set offset to the beginning of the second packet (SSL negotiation) set offset [expr {2 + $numauthmethods}] if { [TCP::payload length] == $offset } { #only respond if exactly the right amount of data was sent TCP::respond [binary format H2H2 05 86] TCP::collect [expr {$offset + 1}] return } #more data than the offset, this means we got the first packet of the SSL negotiation if { [TCP::payload length] > $offset} { # 4 bytes is the length of the SOCKS SSL header, 1 byte gets to the SSL version field #another 41 bytes past that is the session length, immediately following is the session (if it exists) #binary scan gracefully handles the string being too short, so we can safely read all 3 values here binary scan [TCP::payload] "x[expr {$offset + 5}]cx41ch32" sslversion sessionlength hexid if { $sslversion != 3 } { log local0. "Received wrong SSL version in header from client [IP::remote_addr]" reject return } if { $sessionlength == 0 } { #this is a new connection, allow normal server selection return } else { persist universal $hexid return } } #this should never happen, but a bad client might do it, moved to bottom for performance if { [TCP::payload length] < $offset } { TCP::collect $offset return } } when SERVER_CONNECTED { #send current full payload from client to server, we need server's ssl hello #also delete client payload - replace returns the replaced characters, doing both in one shot saves 50,000 cycles TCP::respond [clientside {TCP::payload replace 0 [TCP::payload length] ""}] # 5 bytes should do it, only 2 bytes to the first socks handshake TCP::collect 5 } when SERVER_DATA { #remove initial protocol negotiation since we already did that with client TCP::payload replace 0 2 "" # 4 bytes for socks ssl header, 44 for offset of session id binary scan [TCP::payload] "x48h32" hexid #need to add a session state for the case where the client didn't send a session ID #calling persist as is commented out below does not add it - bug? the "1" is arbitrary just to make an entry #persist universal $hexid session add universal $hexid 1 } ================================================= |
|
返回顶楼 | |
发表时间:2006-12-05
最好先科普一下这东西是什么,google了半天,也没有出来什么介绍。呵呵
|
|
返回顶楼 | |