ACE match http url issue

joeharb · ‎01-03-2013

We are having an issue with a matching specific text in a url and sending it to the appropriate server farm.

Here is the scenario:

Client goes to https://www.xxx.com/S02YYYY the rule is the match anything S02 and send it to a specific farm. I see hits on this class map and it seems to work fine on that pass, but after the client hits the above page the servers send a redirect with the "full" path. So the client then attemps to go to

https://www.xxx.com/ZZZ/Web/Logon.aspx?ReturnUrl=%moreinformationthenweseeS02XXXX

I have removed some of the syntax for privacy reasons but I have found other posts on that the ace doesn't handle the matching of a url after the "?", is this correct?

Thanks,

Joe

Francesco Casotto · ‎01-03-2013

Hello Joe,

although this seems like a common scenario it's a bit of a tricky configuration.

The point is that, yes, normally the ace would stop parsing the URL at the ? sign (or at whatever char is configured a query string delimiter via the command "set secondary-cookie-start ..."). The ACE would have the ability to parse the remaining part of the URL by using the secondary-cookie matching feature, like:

2 match http cookie secondary S02 cookie-value ".*"

but also this would not directly work in your configuration because the ACE expects the format cookiename=cookevalue and your string will not match. Trying to outmsart the CLI appending an "=" to the cookiename would not work as the CLI would not consider it a valid name.

However the desired result is achievable, the trick is to tell the ACE to renounce distinguishing between URL and Query String, this is achievable via:

parameter-map type http HTTP-PARM

set secondary-cookie-start none

at this point the ACE will consider everything as part of the URL and the matching will no longer stop at ?.

So in your case you would have to configure a classmap like:

class-map type http loadbalance match-any URL

2 match http url /.*S02.*

and after applying the above parameter map it will start to match.

Please let me know if it works.

Cheers,

Francesco

joeharb · ‎01-03-2013

Thanks for your response, I will but this in place and test but I do want to verify that this will not affect the sticky http-cookie configuration that in place. Will the clients connection on the redirect be sticky to the real server they are placed on?

Thanks,

Joe

Francesco Casotto · ‎01-04-2013

Hello Joe,

I would expect this configuration to affect cookie stickiness just in case you use the secondary cookie feature (basically looking in the URL after the ? for a parameter=value tuple representing the cookie, devised for those web application that try to have some persistence even with clients that do not support / refuse cookies). If you don't use that I would expect stickiness to continue to work.

Kind Regards,

Francesco

usman ali dar · ‎06-06-2014

i have the same issue but when i try to capture the data from and saw the ace is getting the full url even after "?" but then the request is sent to wrong server farm is that mean that ACE is still not parsing the complete URL or it is but needs to amend the config.

i am also using sticky server farms so after having the class map as told apply the param in it so that ace can do the parsing after "?"

IS THAT ALL ?

Kanwaljeet Singh · ‎06-06-2014

Hi Usman,

Ace is not parsing after ? even though you see the complete URL. Please do the configuration as suggested and check. That should resolve the issue:) Let me know if any questions or issues.

Regards,

Kanwal

usman ali dar · ‎06-09-2014

hey kanwalsi,

i tried with the param http match with none as secondary cookie but no success the response is still the same.

when i add default policy with a serverfarm i get the response but wrong one when i want to go to GSB2 serverfarm and correct when i use Geor instance

when there is no default policy in L7 first match then niether of them works