Forum Discussion

lnease2_55281
Apr 09, 2012

Modifying header's host and from HTTP to HTTPS

I have a virtual server that accepts HTTP requests and then sends HTTPS from there to a backend server (that is actually a third party server). It works fine, but because of SOAP requests, the initiating client request needs to look like it is coming from the F5 instead of from the client when it reaches the web service running on the pool node. We're getting an address mismatch on the backend web service.

So I am trying to write an iRule that will do the following:

Change the request's host name in the header and also change that header to be an HTTPS request instead of an HTTP request. Will the code below work?

NOTE: this is *not* a redirect; I can't send the client to a different URL. So I have to rewrite the header info. And I am thinking I better do this in both directions to avoid problems. Is my code correct below? Please help! Thanks!

when HTTP_REQUEST {
    if { [HTTP::host] equals"internal.hostname.com"} {
        HTTP::header replace Host "thirdparty.hostname.com"
        HTTP::header replace http:// https://
    }
}

when HTTP_RESPONSE {
    if { [HTTP::host] equals"thirdparty.hostname.com"} {
        HTTP::header replace Host "internal.hostname.com"
        HTTP::header replace https:// http://
    }
}

2 Replies

  • If you want the request to look like it came from the F5, why not just turn on SNAT?

    If you want the request to be SSL-encrypted from the F5 to the web service, set a server SSL profile.

    I don't think you need an iRule to do what you want to do.
  • I agree with dlg - if you want the request to look like it is coming from the BIG-IP, doesn't SNAT work?

    This is an example configuration which rewrites the Host header. Anyway, I do not think there is a Host header in the HTTP response.

    [root@ve1023:Active] config  b virtual bar list
    virtual bar {
       snat automap
       pool foo
       destination 172.28.19.79:80
       ip protocol 6
       rules myrule
       profiles {
          http {}
          serverssl {
             serverside
          }
          tcp {}
       }
    }
    [root@ve1023:Active] config  b pool foo list
    pool foo {
       members 200.200.200.101:443 {}
    }
    [root@ve1023:Active] config  b rule myrule list
    rule myrule {
       when HTTP_REQUEST {
       if { [HTTP::host] equals "internal.hostname.com" } {
          HTTP::header replace Host "thridparty.hostname.com"
       }
    }
    }
    
     on client
    
    [root@centos251 ~] curl -I http://internal.hostname.com/
    HTTP/1.1 200 OK
    Date: Thu, 12 Apr 2012 14:36:17 GMT
    Server: Apache/2.2.3 (CentOS)
    Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
    ETag: "4183e4-3e-9c564780"
    Accept-Ranges: bytes
    Content-Length: 62
    Content-Type: text/html; charset=UTF-8
    
     on bigip (packet trace)
    
    [root@ve1023:Active] config  ssldump -Aed -nni 0.0 port 80 or port 443 -k /var/tmp/node201.key
    New TCP connection 1: 172.28.19.251(52863) <-> 172.28.19.79(80)
    1334241345.8899 (0.0011)  C>S
    ---------------------------------------------------------------
    HEAD / HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Host: internal.hostname.com
    Accept: */*
    
    ---------------------------------------------------------------
    
    New TCP connection 2: 200.200.200.10(52863) <-> 200.200.200.101(443)
    ...snipped...
    2 10 1334241345.9091 (0.0000)  C>SV3.1(186)  application_data
        ---------------------------------------------------------------
        HEAD / HTTP/1.1
        User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
        Host: thridparty.hostname.com
        Accept: */*
    
        ---------------------------------------------------------------
    2 11 1334241345.9108 (0.0016)  S>CV3.1(263)  application_data
        ---------------------------------------------------------------
        HTTP/1.1 200 OK
        Date: Thu, 12 Apr 2012 14:36:17 GMT
        Server: Apache/2.2.3 (CentOS)
        Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
        ETag: "4183e4-3e-9c564780"
        Accept-Ranges: bytes
        Content-Length: 62
        Content-Type: text/html; charset=UTF-8
    
        ---------------------------------------------------------------
    1334241345.9108 (0.0209)  S>C
    ---------------------------------------------------------------
    HTTP/1.1 200 OK
    Date: Thu, 12 Apr 2012 14:36:17 GMT
    Server: Apache/2.2.3 (CentOS)
    Last-Modified: Fri, 11 Nov 2011 14:48:14 GMT
    ETag: "4183e4-3e-9c564780"
    Accept-Ranges: bytes
    Content-Length: 62
    Content-Type: text/html; charset=UTF-8
    
    ---------------------------------------------------------------
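
The approach from the replies written out as one iRule, as an added example that was not posted by any participant in the thread. It assumes the virtual server already carries the http profile, `snat automap` and the serverssl profile shown in the listing above, and it uses the host names from the question. The response-side Location rewrite goes beyond what the thread shows and is included because responses have no Host header to map back.

```tcl
# Added example, not code from the thread. Assumes an http profile, SNAT and a
# serverssl profile are already attached to the virtual server.
when HTTP_REQUEST {
    # Host names are case-insensitive, so normalise before comparing.
    if { [string tolower [HTTP::host]] equals "internal.hostname.com" } {
        # Only the Host header changes here. The HTTP to HTTPS switch on the
        # server side is done by the serverssl profile, not by editing a header.
        HTTP::header replace Host "thirdparty.hostname.com"
    }
}

when HTTP_RESPONSE {
    # Responses carry no Host header. The backend name can still reach the
    # client in the Location header of a redirect, so map it back there.
    if { [HTTP::is_redirect] && [HTTP::header exists Location] } {
        set loc [HTTP::header value Location]
        set mapped [string map -nocase \
            [list "https://thirdparty.hostname.com" "http://internal.hostname.com"] $loc]
        # Touch the header only when the backend name was actually present.
        if { $mapped ne $loc } {
            HTTP::header replace Location $mapped
        }
    }
}
```

The same ssldump trace used above shows whether the rewrite took effect: the client-side request should carry `Host: internal.hostname.com` and the decrypted server-side request the third-party name.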