A load balancer is a device that distributes network or application traffic across a number of servers. Load balancers are used to increase capacity and reliability of applications.
When properly configured, F5 iRules utilize a scripting syntax which allows the load balancer to intercept, inspect, transform, and direct inbound or outbound application traffic.
In the event the application's source is unable to be modified and all other forms of injection have failed or are not applicable (i.e. assisted injection through Java rules for a PHP-based application), clients with a F5 load balancer can request their network security team configure an iRule to intercept an application's response and inject HTML into the page source necessary for enabling EUM. This is similar to the format that manual injection uses, but HTML is inserted into the webserver's response rather than into the original source code.
For instructions on how to build, deploy, and test an iRule, we recommend you consult your F5 support team and network security team as they are most knowledgeable and equipped to handle such a request. From an AppDynanics perspective, you must be properly licensed for EUM and have End User Monitoring (EUM) enabled for an application in your AppDynamics Controller UI. Clients who have the limited option of injection via F5 iRules have seen success using a template similar to the iRule listed below.
Generic F5 iRule Template (requires further customization)
when HTTP_REQUEST
{
# This is the condition for which requests will be matched against
if {[HTTP::uri] contains "segment/in/uri"} {
set enableEum 1
}
else {
set enableEum 0
}
# Disable the stream filter for client requests as we are only interested in the server response
STREAM::disable
# LTM does not uncompress response content, so if the server has compression enabled
# and it cannot be disabled on the server, we can prevent the server from
# sending a compressed response by removing the compression offerings from the client
# HTTP::header remove "Accept-Encoding"
}
when HTTP_RESPONSE
{
# Disable the stream filter for all server responses
STREAM::disable
# Inserts the necessary JavaScript for EUM
if {($enableEum == 1) && ([HTTP::header "Content-Type"] starts_with "text/html")} {
STREAM::expression {
@</title>@</title>
<script type="text/javascript" src="https://application.domain.com/adrum/adrum-config.js"></script>@}
# Enable the stream filter for this response only
STREAM::enable
}
}
How to use this template
1) Matching Condition - The matching condition in your first "if statement."
Change the condition in the above template to match inbound traffic to your application. In the template we match against segments in the application's URI. However, there are other properties which can be used (i.e [HTTP::path], [HTTP::host], etc.).
[HTTP::uri] contains "segment/in/uri"
2) Compression - Does your application use compression?
If you are unsure if compression is being used, there is a simple Curl test to find out. The results will return one of three responses: 1) "Content-Encoding: gzip". 2) "Content-Encoding: deflate", or 3) nothing. If the first or second response comes back that means the site is using compression, while an empty response means that compression is not being used.
Test:
curl -sILH 'Accept-Encoding: gzip,deflate' www.appdynamics.com | grep 'Content-Encoding'
Response:
Content-Encoding: gzip
If compression is being used, uncomment the following line from the template.
HTTP::header remove "Accept-Encoding"
If there isn't any compression, then keep the line commented out or remove it from the rule completely.
# HTTP::header remove "Accept-Encoding"
3) JavaScript Agent Config Location - Where is the JavaScript agent config file being hosted?
Slightly different than the previous version of the injection rule, an Agent config file (adrum-config.js) is injected directly into the page source. The Agent config file is a small JavaScript file which contains the 4.3.x JavaScript Agent configuration options such as the location of the adrum.js file, EUM application key, etc. The agent-config.js file is a self-hosted file.
<script type="text/javascript" src="https://application.domain.com/adrum/adrum-config.js"></script>
Before using the adrum-config.js file to initialize your JavaScript Agent configuration you will need to update the file to match your EUM Application Key, hosted location of the JavaScript Agent files (adrum.js or adrum-latest.js), as well as the URL for the EUM Server (SaaS or On-Prem).
The adrum-config.js example below assumes you are our EUM cloud to process the JavaScript Agent beacon data as well as the latest JavaScript Agent hosted in our CDN. You will need to create a file similar to this and host it yourself. A customized version of this file can be downloaded from within your EUM Application's configuration as documented here.
window['adrum-start-time'] = new Date().getTime();
(function(config){
config.appKey = 'AAB-AA-AUA';
config.adrumExtUrlHttp = 'http://cdn.appdynamics.com';
config.adrumExtUrlHttps = 'https://cdn.appdynamics.com';
config.beaconUrlHttp = 'http://col.eum-appdynamics.com';
config.beaconUrlHttps = 'https://col.eum-appdynamics.com';
config.xd = {enable : false};
})(window['adrum-config'] || (window['adrum-config'] = {}));
if ('https:' === document.location.protocol) {
document.write(unescape('%3Cscript')
+ " src='https://cdn.appdynamics.com/adrum/adrum-latest.js' "
+ " type='text/javascript' charset='UTF-8'"
+ unescape('%3E%3C/script%3E'));
} else {
document.write(unescape('%3Cscript')
+ " src='http://cdn.appdynamics.com/adrum/adrum-latest.js' "
+ " type='text/javascript' charset='UTF-8'"
+ unescape('%3E%3C/script%3E'));
}
4) JavaScript Agent Config Options – What is your application-specific configuration?
- EUM Application Key – What is your EUM Application Key as assigned in your Controller's UI?
This can be found by accessing your EUM Application Configuration via the controller UI. The key is typically eight letters long. Change the example key (AAB-AA-AUA) in the above template to your specific application key.
src='https://cdn.appdynamics.com/adrum/adrum-latest.js'
- JavaScript Agent Location - Where is the JavaScript agent being hosted?
If you intend to host the JavaScript agent file yourself, please update the source addresses in the if-else conditional statements at the bottom of the adrum-config.js file. Please see bolded lines in the example above for where to specify hosting location.
src='https://cdn.appdynamics.com/adrum/adrum-latest.js'
and
src='http://cdn.appdynamics.com/adrum/adrum-latest.js'
- EUM Server URL - Where should the agent send the beacon data?
If you are using an On-Prem EUM server, you will need to update the config.beaconUrlHttp and config.beaconUrlHttps above. For more information on how to find this URL, please refer to our documentation on manual injection found here.
config.beaconUrlHttp = 'http://col.eum-appdynamics.com';
and
config.beaconUrlHttps = 'https://col.eum-appdynamics.com';
5) Other Points To Consider
- In some cases, the Stream profile must re-enable response re-chunking as documented in https://support.f5.com/csp/article/K6422.
- Although the above script template is typically successful, every client environment is different. Therefore our team recommends that you consult a trained engineer responsible for managing your F5 load balancer. We also highly recommend testing in a sandbox or development environment before deploying any changes to your production environment.
Results
If properly configured, the iRule matches a condition for your application-specific traffic, the load balancer will inject the EUM-specific source (adrum-config.js) into the response received by the browser allowing the Javascript agent and the associated configuration to load in the browser, capture EUM data, and send the associated beacons back to the EUM Server.
<script src="https://application.domain.com/adrum/adrum-config.js"></script>
