Using F5 as a proxy between two websites

 

Hello Devcentral,

I’m trying to set an iRule to act as a proxy between two websites without changing the URL in the user’s browser.

When a user goes to https://www.site1.com/test, the F5 should go to https://www.site2.com/test and reply to the user (as I said, without changing the URL in his browser).

 

I tried this syntax but it doesn’t seem to be working:

 

when HTTP_REQUEST {
  if { [HTTP::uri] starts_with "/test" } {
    HTTP::header replace Host "www.site2.com"
  }
}

 

Can you please advise me what I am doing wrong here?

Tnx, Yaniv.

0

Answers to this Question

15 Answers:

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER
I understand you also have to use the pool or node command after replacing the Host header to send traffic to www.site2.com.

node Wiki
https://devcentral.f5.com/wiki/iRules.node.ashx
0
Are you terminating the SSL on the BIG-IP? What exactly isn't working?
0
Hi Nitass\Steve,
Thank you for your replies,
Both sites (www.site1.com & www.site2.com) are published to the world by the F5 and the SSL is being terminated by the F5 (by the way, version 10.2.3 build 112.0 Final).
After I applied the given syntax to the VIP I still get content from site1 instead of from site2.
* I do know that the condition line is working well ( if { [HTTP::uri] starts_with "/test" } ) because regular redirecting is working well:

when HTTP_REQUEST {
  if { [HTTP::uri] starts_with "/test" } {
    HTTP::redirect https://www.site2.com[HTTP::uri]
  }
}

but that is not what I need as this is changing the text in the user's browser.
Yaniv.


0
If both sites are managed by BIG-IP, you may use the virtual command instead.

e.g.
[root@ve10:Active] config # b virtual bar1 list
virtual bar1 {
   destination 172.28.19.252:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config # b rule myrule list
rule myrule {
   when HTTP_REQUEST {
  if { [HTTP::uri] starts_with "/test" } {
    HTTP::header replace Host "www.site2.com"
    virtual bar2
  }
}
}
[root@ve10:Active] config # b virtual bar2 list
virtual bar2 {
   snat automap
   pool foo
   destination 1.1.1.1:80
   ip protocol 6
}
[root@ve10:Active] config # b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}

[root@ve10:Active] config # ssldump -Aed -nni 0.0 port 80
New TCP connection #1: 172.28.19.251(47230) <-> 172.28.19.252(80)
1358775742.2911 (0.0010)  C>S
---------------------------------------------------------------
GET /test/something HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Accept: */*
Host: www.site1.com

---------------------------------------------------------------

New TCP connection #2: 172.28.19.251(47230) <-> 1.1.1.1(80)
1358775742.2913 (0.0000)  C>S
---------------------------------------------------------------
GET /test/something HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Accept: */*
Host: www.site2.com

---------------------------------------------------------------

New TCP connection #3: 200.200.200.253(47230) <-> 200.200.200.101(80)
1358775742.2931 (0.0017)  C>S
---------------------------------------------------------------
GET /test/something HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Accept: */*
Host: www.site2.com

---------------------------------------------------------------
0
OK, a few more questions then;

1) Is this the only iRule applied to the VS?
2) Where or what is site2? Is it hosted on the same servers as site1?

Also just FYI, you could add some logging just before the HTTP::header command. Something like 'log local0. "Matched /test URI, rewriting header"'.
0
Just noticed the flaw in your rule. You are checking the URI, not the host. I think you need to do both;

when HTTP_REQUEST {
 if { (([string tolower [HTTP::uri]] starts_with "/test") && ([string tolower [HTTP::host]] equals "www.site1.com")) } {
  HTTP::header replace Host "www.site2.com"
 }
}
0
That should be '&&' by the way, not '&...'
0
Hi Steve,
Thank you for your help.
I have tried the syntax you suggested but I still get content from site1 (I'm checking this by browsing to https://www.site1.com/test/1.txt and this is how I know if I get content from site1 or site2).

In answer to your questions:
1. This is the only iRule applied on this VIP.
2. Site2 is another VIP which uses other nodes than the nodes of Site1.
3. I didn't quite understand how to add the logging to the rule; if you can give them within an example syntax I could add them.

Tnx, Yaniv.
0
OK, that clears things up somewhat, thanks to Nitass too. Try this which will forward traffic to the site2 Virtual Server after the header replacement;

when HTTP_REQUEST {
 if { (([string tolower [HTTP::uri]] starts_with "/test") && ([string tolower [HTTP::host]] equals "www.site1.com")) } {
  log local0. "Matched host site1.com and uri /test"
  HTTP::header replace Host "www.site2.com"
  # site2-VS-name is a placeholder: use the name of the site2 Virtual Server
  virtual site2-VS-name
 }
}
0
Hi Steve,
That fixed it !!
Well done mate, I've been trying to figure this out for a few hours by now till I posted here.
Can you please explain why it was necessary to add the virtual server name to the syntax?

Thank you Nitass of course as well.
Yaniv.




0
You're welcome. You needed to specify the virtual as otherwise the traffic would just be sent to the Pool Members in the default Pool configured for the original Virtual the iRule is applied to and these of course don't host the site2 content; the Pool Members of the site2 VS do. Changing the header alone won't get the traffic to the right place.
0

I see, and what if site2 was not hosted by the F5?
(Suppose it was a physical server).
Would it work without the addition?

Yaniv.

0
If you created a Pool with the site2 servers in it and then sent the traffic to it using the pool command rather than the virtual command that would work. Either way you would have to specifically route the traffic to the correct place unless site1's Pool Members were also hosting site2.
0
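The pool-based routing described in the answer above, as an added example that is not part of the original thread: it also resets the pool for non-matching requests on a kept-alive connection and maps site2 redirects back to site1 so the browser URL does not change. The pool name site2_pool is hypothetical, and the sketch assumes the site2 servers accept the same server-side protocol as the Virtual's default pool.

```tcl
# Added example, not from the thread. site2_pool is a hypothetical pool name.
when CLIENT_ACCEPTED {
    # Remember the Virtual's default pool so non-matching requests can be
    # sent back to it explicitly.
    set default_pool [LB::server pool]
}

when HTTP_REQUEST {
    # Reset per request: a keep-alive connection carries several requests.
    set proxied 0

    # Drop any ":port" suffix so "www.site1.com:443" still matches.
    set host [string tolower [getfield [HTTP::host] ":" 1]]
    # Use the path only, so the query string cannot influence the match.
    set path [string tolower [HTTP::path]]

    # Match /test and /test/... but not /testing or /test2.
    if { $host equals "www.site1.com" && ($path equals "/test" || $path starts_with "/test/") } {
        HTTP::header replace Host "www.site2.com"
        pool site2_pool
        set proxied 1
        log local0. "Proxying [HTTP::uri] to site2_pool"
    } else {
        # Without this, later requests on the same connection could stay
        # on the site2 pool member.
        pool $default_pool
    }
}

when HTTP_RESPONSE {
    # A redirect issued by site2 names site2 in Location; rewrite it so
    # the browser stays on www.site1.com.
    if { $proxied && [HTTP::is_redirect] && [HTTP::header exists Location] } {
        HTTP::header replace Location [string map -nocase {"://www.site2.com" "://www.site1.com"} [HTTP::header Location]]
    }
}
```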
I understand,
I appreciate all your help, thanks again.

cheers, Yaniv.
0
Great. You're very welcome. Cheers
0