Hello Devcentral,

I’m trying to set an iRule to act as a proxy between two websites without changing the URL in the user’s browser.

When a user goes to https://www.site1.com/test, the F5 should go to https://www.site2.com/test and reply to the user (as I said, without changing the URL in his browser).

I tried this syntax but it doesn’t seem to be working:

when HTTP_REQUEST {
  if { [HTTP::uri] starts_with "/test" } {
    HTTP::header replace Host "www.site2.com"
  }
}

Can you please advise me what I am doing wrong here?

Tnx, Yaniv.


15 Answer(s):

I understand you also have to use the pool or node command after replacing the Host header to send traffic to www.site2.com.

node Wiki
https://devcentral.f5.com/wiki/iRules.node.ashx

Are you terminating the SSL on the BIG-IP? What exactly isn't working?

Hi Nitass\Steve,
Thank you for your replies,
Both sites (www.site1.com & www.site2.com) are published to the world by the F5 and the SSL is being terminated by the F5 (by the way, version 10.2.3 build 112.0 Final).
After I applied the given syntax to the VIP I still get content from site1 instead of from site2.
* I do know that the condition line is working well ( if { [HTTP::uri] starts_with "/test" } ) because regular redirecting is working well:

when HTTP_REQUEST {
  if { [HTTP::uri] starts_with "/test" } {
    HTTP::redirect https://www.site2.com[HTTP::uri]
  }
}

but that is not what I need as this is changing the text in the user's browser.
Yaniv.


If both sites are managed by BIG-IP, you may use the virtual command instead.

e.g.
[root@ve10:Active] config # b virtual bar1 list
virtual bar1 {
   destination 172.28.19.252:80
   ip protocol 6
   rules myrule
   profiles {
      http {}
      tcp {}
   }
}
[root@ve10:Active] config # b rule myrule list
rule myrule {
   when HTTP_REQUEST {
  if { [HTTP::uri] starts_with "/test" } {
    HTTP::header replace Host "www.site2.com"
    virtual bar2
  }
}
}
[root@ve10:Active] config # b virtual bar2 list
virtual bar2 {
   snat automap
   pool foo
   destination 1.1.1.1:80
   ip protocol 6
}
[root@ve10:Active] config # b pool foo list
pool foo {
   members 200.200.200.101:80 {}
}

[root@ve10:Active] config # ssldump -Aed -nni 0.0 port 80
New TCP connection #1: 172.28.19.251(47230) <-> 172.28.19.252(80)
1358775742.2911 (0.0010)  C>S
---------------------------------------------------------------
GET /test/something HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Accept: */*
Host: www.site1.com

---------------------------------------------------------------

New TCP connection #2: 172.28.19.251(47230) <-> 1.1.1.1(80)
1358775742.2913 (0.0000)  C>S
---------------------------------------------------------------
GET /test/something HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Accept: */*
Host: www.site2.com

---------------------------------------------------------------

New TCP connection #3: 200.200.200.253(47230) <-> 200.200.200.101(80)
1358775742.2931 (0.0017)  C>S
---------------------------------------------------------------
GET /test/something HTTP/1.1
User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
Accept: */*
Host: www.site2.com

---------------------------------------------------------------

OK, a few more questions then;

1) Is this the only iRule applied to the VS?
2) Where or what is site2? Is it hosted on the same servers as site1?

Also just FYI, you could add some logging just before the HTTP::header command. Something like 'log local0. "Matched /test URI, rewriting header"'

Just noticed the flaw in your rule. You are checking the URI, not the host. I think you need to do both;

when HTTP_REQUEST {
 if { (([string tolower [HTTP::uri]] starts_with "/test") && ([string tolower [HTTP::host]] equals "www.site1.com")) } {
  HTTP::header replace Host "www.site2.com"
 }
}

That should be '&&' by the way, not '&...'

Hi Steve,
Thank you for your help.
I have tried the syntax you suggested but I still get content from site1 (I'm checking this by browsing to https://www.site1.com/test/1.txt and this is how I know if I get content from site1 or site2).

In answer to your questions:
1. This is the only iRule applied on this VIP.
2. Site2 is another VIP which uses other nodes than the nodes of Site1.
3. I didn't quite understand how to add the logging to the rule, if you can give them within an example syntax I could add them.

Tnx, Yaniv.

OK, that clears things up somewhat, thanks to Nitass too. Try this which will forward traffic to the site2 Virtual Server after the header replacement;

when HTTP_REQUEST {
 if { (([string tolower [HTTP::uri]] starts_with "/test") && ([string tolower [HTTP::host]] equals "www.site1.com")) } {
  log local0. "Matched host site1.com and uri /test"
  HTTP::header replace Host "www.site2.com"
  virtual 'site2-VS-name'
 }
}

Hi Steve,
That fixed it !!
Well done mate, I've been trying to figure this out for a few hours by now till I posted here.
Can you please explain why it was necessary to add the virtual server name to the syntax?

Thank you Nitass of course as well.
Yaniv.




You're welcome. You needed to specify the virtual as otherwise the traffic would just be sent to the Pool Members in the default Pool configured for the original Virtual the iRule is applied to and these of course don't host the site2 content; the Pool Members of the site2 VS do. Changing the header alone won't get the traffic to the right place.

I see, and what if site2 was not hosted by the F5?
(Suppose it was a physical server).
Would it work without the addition?

Yaniv.

If you created a Pool with the site2 servers in it and then sent the traffic to it using the pool command rather than the virtual command that would work. Either way you would have to specifically route the traffic to the correct place unless site1's Pool Members were also hosting site2.

I understand,
I appreciate all your help, thanks again.

cheers, Yaniv.
Great. You're very welcome. Cheers
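
The pool-based variant described in the reply above (site2 on servers reached through a Pool rather than another Virtual Server), written out as an added example that is not part of the original thread. The pool name site2_pool is hypothetical. The example goes a step beyond the thread in two places: it re-selects the default pool for non-matching requests so a kept-alive connection does not keep sending other paths to site2, and it rewrites Location headers so a redirect issued by site2 does not change the URL in the browser.

```tcl
# Added example, not from the thread.
# Assumptions: a pool named "site2_pool" holds the site2 servers, and the
# hostnames are the ones used in the question.

when CLIENT_ACCEPTED {
    # Remember the pool configured on this Virtual Server so it can be
    # restored for requests that are not rerouted.
    set default_pool [LB::server pool]
}

when HTTP_REQUEST {
    # Per-request flag read by the HTTP_RESPONSE handler below.
    set rerouted 0

    if { ([string tolower [HTTP::host]] equals "www.site1.com") &&
         ([string tolower [HTTP::uri]] starts_with "/test") } {
        log local0. "Matched host site1.com and uri /test, sending to site2_pool"
        HTTP::header replace Host "www.site2.com"
        pool site2_pool
        set rerouted 1
    } else {
        # Without this, later requests on the same client connection can
        # stay on the pool selected by an earlier /test request.
        pool $default_pool
    }
}

when HTTP_RESPONSE {
    # An absolute redirect from site2 would expose www.site2.com to the
    # browser; map it back to the public name for rerouted requests only.
    if { $rerouted && [HTTP::header exists Location] } {
        set location [string map -nocase \
            {"//www.site2.com" "//www.site1.com"} \
            [HTTP::header value Location]]
        HTTP::header replace Location $location
    }
}
```

The log line goes to /var/log/ltm on the BIG-IP, which is the quickest way to confirm which branch a given request took.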
