How to divert Rest api calls to a particular node?

Hi I want o divert rest api calls from external applications to a particular node. We are using F5 load balancer. I wrote a irule for this. Can someone certify whether it is correct or not?

 

rule divertingtraffic{

when HTTP_REQUEST {

if { [HTTP::host] equals"jira.charter.com"} {

if { [HTTP::uri] contains "/rest"} {

{pool/Common/normal}
}

}

if { [HTTP::host] not equals"jira.charter.com"} {

if { [HTTP::uri] equals "/login.jsp"} {

{pool/Common/normal}
}

}

else{
{pool/common/external}

}

}
}

Note: Pool normal contains (JIRA node 1,2,3, 4)

Pool external contains (JIRA node 5)

reference : https://confluence.atlassian.com/enterprise/traffic-distribution-with-atlassian-data-center-895912660.html

 

1 answer

Hello @Jonnada Kiran,

It's been a while since I've written irules for F5 but it appears your logic for "/rest" sends it to nodes 1-4 when I'm guessing you want it to go to node 5.  If so, maybe this will work:

rule divertingtraffic{

when HTTP_REQUEST {

if { [HTTP::host] equals"jira.charter.com"} {

if { [HTTP::uri] contains "/rest"} {

{pool/Common/external}
}
}

else{
{pool/common/internal}
}

}

 

Please forgive the possible syntax errors.  Does this work as you desire?  If so, please remember to accept this answer if it does so others can benefit.

Cheers,
~~Larry Brock

Thanks for the response. I wrote a new irule it works great now.

Hi @Jonnada Kiran - do you mind sharing your rule? I'm trying to work out a scenario where any external rest calls go to the rest server. However, if the rest call is from one of the nodes (1 and 2), I need it to stay in that node so that the session auth doesn't break.

For example, I have 3 nodes. 1 and 2 are just web nodes and the third is a rest node. If a user hits jira.domain.tld, the request goes to node 1 or node 2. If a user hits jira.domain.tld/rest/api/2/, the request goes to the rest node. 

Now, if a user is already in node 1 or node 2 and node 1 or node 2 needs to make a rest call, the call then goes out to the rest node and fails with a 401 "unauthorized" because the session is different between node1|2 and the restnode since I have sticky sessions. How can we ensure that rest api requests from node 1 and node 2 stay there instead of sending it out to the rest node to prevent sessions from breaking?

Larry Brock Community Champion Oct 29, 2018

@Tito Valentin- looks like your question has gone unanswered.  Might try re-asking as a new submission.  Unfortunately, I don't have an F5 I can play with so I won't be able to provide an answer. :-(

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Wednesday in Jira

Make your Atlassian Cloud products more secure: our NEW admin security guide

Hey admins! I’m Dave, Principal Product Manager here at Atlassian working on our cloud platform and security products. Cloud security is a moving target. As you adopt more products, employees consta...

90 views 0 4
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you