Reverse proxy redirection

just wondering why you need stream profile.

 

 

sol9800: Using an iRule to load balance HTTP requests to multiple pools

 

http://support.f5.com/kb/en-us/solutions/public/9000/800/sol9800.html

I was looking at stream profile only because another network engineer I work with said that's what I should use.

 

Thank you for the article! I'll give that a try.

I tried this using the information in that SOL, but it's still not working.

 

 

I don't think I explained this very well above. I'm migrating off of Microsoft ISA to the F5.

 

What I need to have happen is external(Internet) requests coming in as https://www.test.com/ABC123/test/test.htm need to be directed to an internal server but redirected to a different directory on that server as such. http://10.10.10.1/XYZ987/

 

 

Right now the incoming connection is trying to go to http://10.10.10.1/ABC123.test/test.htm and that directory doesn't exist.

Have you looked at using ProxyPass? It may be a little overkill for a single set of URIs, but it should do the trick nonetheless.

That does look like a lot for a single URI. But if that's my only option....

It's not your only option, but would require the least amount of coding/testing on your part, given the maturity of the ProxyPass iRule.

So for someone who is just getting started in the iRule world, this is more than what I'm comfortable doing.

 

So, where can I get help with something like configuring ProxyPass for my specific needs?

 

Is that something I should submit a ticket to F5 for or is that more professional services?

Hi Bob,

 

 

F5 Support probably won't help you configure and test ProxyPass as that's beyond the scope of break-fix support (though you could try asking). I'd guess this would be better to do as an iRules on Demand PS engagement:

 

 

http://www.f5.com/support/professional-services/consulting/offerings/irules-on-demand/

 

 

Aaron

Depending on the complexity of some applications, the ProxyPass iRule can be a necessary evil. It does the job of rewriting the incoming AND outgoing payloads, including URIs and Host headers. Thankfully the iRule is fairly well documented so it's not that difficult to set up.

1. Create the iRule - copy it from the website and modify the two values in the RULE_INIT event to enable (temporary) logging.

2. Create a data group called "ProxyPass". So for example, if the virtual server is called "my_vs", the data group would be called "ProxyPassmy_vs".

3. Create a series of entries that translate clientside requests to server side requests.

ex.

"/clientdir" := "/serverdir"

"www.host.com/clientdir" := "internal.company.com/serverdir"

"www.host.com/" := "internal.company.com/serverdir/"

"/abc123/" := "/xyz987/"

** for you application you probably just need to work with URIs.

It may take a little work to get this part just right depending on your application, but the logging will guide you.

Like I said, ProxyPass is designed to deal with complex applications. In the event, however, that your website doesn't require all of this, a simpler iRule to just catch the incoming URI and change it would look something like this:

when HTTP_REQUEST {
   if { [string tolower [HTTP::uri]] starts_with "/abc123/test/test.htm" } {
      HTTP::uri "/xzy987/"
   }
}

Thank you very much!

 

This gives me something to try and a fallback with iRules on-demand should I need the extra assistance.

 

I'll let you know how it goes.

 

 

Thanks again!