Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
Clear all filters
Answers

iRule - Switch host header in browser

Hello,

We have a special case were we have a customer sending traffic by IP instead of host name, VPN tunnel. Instead of https://test.f5.com/api/example there hitting us as https://37.123.55.109/api/example. This was causing an issue for us in regards to the IIS/Bindings expecting test.f5.com but was getting an IP. I have attached the below iRule to the bip-ip 443 virtual server and traffic seems to be flowing, I'm getting a response back from server but now I'm still getting an SSL error because the browser still shows the IP. Is my iRule missing anything?

when HTTP_REQUEST { if {[HTTP::uri] contains "api/example" } { HTTP::host test.f5.com pool Pool_Prod_API_Example } }

Thank you for the help!

0
Rate this Question

Answers to this Question

placeholder+image
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hey sysadmin_2015

The reason why the browser does not change the URL is because you are simply rewriting the HTTP::header on the server-side connection. The IIS will accept the traffic because IIS Binding is receiving the correct HTTP header.

In order to have the web browser change the URL, you will need to redirect the user to the correct URL. However, based on the question, I'm guessing the FQDN is not resolvable by the client. Is it a Client VPN or a Site-to-Site VPN? If it's a Client VPN you could change the DNS servers of the client to one that can resolve the FQDN.

0
Comments on this Answer
Comment made 16-Oct-2018 by sysadmin_2015 256

Hello,

Thank you for the reply. Yes its a site-to-site vpn.

Thank you,

0
Comment made 17-Oct-2018 by Philip Jonsson 1097

Then you don't have much of a choice. You will need the client to be able to resolve the FQDN. How you do that the best depends on the environment.

If it's only one server, a quick and "dirty" way would be to modify the hosts file on the server.

Or you could let the server resolve against a DNS server in your own environment. Add that DNS to the server's DNS setting and let that DNS communication travel over the VPN tunnel.

0
Comment made 17-Oct-2018 by sysadmin_2015 256

Thank you for your help, I'll give it a try.

0