Context Root Masking/URL Rewrite and pool selection

Question

I have an existing iRule that simply selects poolA based on a list of URIs, everything else goes to poolB.   
&nbsp;  
&nbsp; when HTTP_REQUEST { 
&nbsp;  switch -glob [string tolower [HTTP::uri]] { 
&nbsp;   /contextroot* - 
&nbsp;   /front* - 
&nbsp;   /static* - 
&nbsp;   /css* - 
&nbsp;   /flash* - 
&nbsp;   /images* - 
&nbsp;   /jsimages* - 
&nbsp;   /xml* - 
&nbsp;   /xsl* - 
&nbsp;   /vgn-ext-templating* - 
&nbsp;   / - 
&nbsp;   /script/\* - 
&nbsp;   /interpret* - 
&nbsp;   /disabilit* - 
&nbsp;   /shared* { 
&nbsp;   pool pool_A 
&nbsp;   } 
&nbsp;   default { 
&nbsp;   pool pool_B 
&nbsp;   } 
&nbsp;  } 
&nbsp; } 
&nbsp;  
&nbsp;  
&nbsp; I have now been tasked with masking the "contextroot" so that the browser does not see it but it is still passed to the server.  i.e. browser sends request to www.mysite.org/blah/blah/... and I rewrite to /contextroot/blah/blah/...  There are several different variables that "blah" could be but, it IS a defined list.  So i am thinking of using a stream profile with a class list.  here is a first shot at just the context root masking piece, i'll add the rest of the existing rule later. 
&nbsp;  
&nbsp; set OriginalURI HTTP::uri 
&nbsp;  
&nbsp; when HTTP_REQUEST { 
&nbsp;   if {[matchclass [[string tolower [HTTP::uri]] starts_with $::maskedURIs]} {   &lt;&lt;     STREAM::expression "@$OriginalURI@/contextroot/$OriginalURI@"     &lt;&lt;&lt;&lt; Can I use the variable inside the stream expression?? 
&nbsp;     STREAM::enable 
&nbsp;     pool poolA 
&nbsp;   } 
&nbsp; } 
&nbsp;  
&nbsp; when HTTP_RESPONSE { 
&nbsp;   if {[[HTTP::status] == 200] and [[HTTP::header value "Content-Type"] contains text]} { 
&nbsp;     STREAM::expression "@/contextroot@@" 
&nbsp;     STREAM::enable 
&nbsp;   } 
&nbsp; } 
&nbsp;  
&nbsp;  
&nbsp; Anyone see anything worng with this or know a better way to do it??? 
&nbsp;  
&nbsp;

hooleylist · Answer

You should only need to change the path in the request.  You can do this with HTTP::path instead of a stream filter (which would modify the request payload):

Prepend /contextroot to the original path 
 HTTP::path "/contextroot[HTTP::path]"

For the response, are you sure non-200 responses won't ever contain the /contextroot?  You should also explicitly disable the stream filter if the condition(s) aren't met:

when HTTP_RESPONSE { 
    if {[[HTTP::status] == 200] and [[HTTP::header value "Content-Type"] contains text]} { 
       STREAM::expression "@/contextroot@@" 
       STREAM::enable 
    } else { 
        Disable the stream filter 
       STREAM::disable 
    } 
 }

Also, you can use variables in a stream expression as long as you wrap the expression with double quotes (like you did) instead of curly braces. 
  
 Aaron

moe_jartin · Answer

Aaron, 
&nbsp;  
&nbsp; Thanks for the response.  So this is what I have, tying in the original rule: 
&nbsp;  
&nbsp; when HTTP_REQUEST {  
&nbsp;  Prepend /contextroot to masked URIs and send to poolA 
&nbsp;   if {[matchclass [[string tolower [HTTP::uri]] starts_with $::maskedURIs]} {  
&nbsp;     HTTP::path "/contextroot[HTTP::path]" 
&nbsp;     pool poolA  
&nbsp;  Send other URIs thru original "switch -glob"  
&nbsp;   } else {[switch -glob [string tolower [HTTP::uri]]} { 
&nbsp;   /contextroot* - 
&nbsp;   /front* - 
&nbsp;   /static* - 
&nbsp;   /css* - 
&nbsp;   /flash* - 
&nbsp;   /images* - 
&nbsp;   /jsimages* - 
&nbsp;   /xml* - 
&nbsp;   /xsl* - 
&nbsp;   /vgn-ext-templating* - 
&nbsp;   / - 
&nbsp;   /script/\* - 
&nbsp;   /interpret* - 
&nbsp;   /disabilit* - 
&nbsp;   /shared* { 
&nbsp;   pool pool_A 
&nbsp;   } 
&nbsp;   default { 
&nbsp;   pool pool_B 
&nbsp;   } 
&nbsp; } 
&nbsp;  
&nbsp; when HTTP_RESPONSE {  
&nbsp;  Remove /contextroot from HTTP responses 
&nbsp;   if {[[HTTP::header value "Content-Type"] contains text]} {  
&nbsp;     STREAM::expression "@/contextroot@@"  
&nbsp;     STREAM::enable  
&nbsp;   } else { 
&nbsp;     STREAM::disable 
&nbsp;   } 
&nbsp; }  
&nbsp;  
&nbsp; I removed the 200 response requirement.  I had origianlly added it so as not to overwrite 301 or 302 redirects that might happen to have that in it but I guess I should be overwriting those anyway. 
&nbsp;  
&nbsp; I will run this on my test box and see if it works.  Thanks Again!!! 
&nbsp;  
&nbsp; Joe &nbsp;

moe_jartin · Answer

OK so new requirement...  On the HTTP_RESPONSE I need to only remove the /contextroot for the masked URIs.  I initially thought to try:  
&nbsp;    
&nbsp;    if {[matchclass [[string tolower [HTTP::uri]] starts_with $::maskedURIs] and [[HTTP::header value "Content-Type"] contains text]}  
&nbsp;      STREAM::expression "@/contextroot$::maskedURIs@@"   
&nbsp;      STREAM::enable   
&nbsp;    
&nbsp;  but then I realized that HTTP::uri would only catch the headers and NOT the body, if it worked at all.  It there a way to search the HTML response for /contextroot/$::maskedURIs and then remove just the /contextroot ???

hooleylist · Answer

Once you add an HTTP profile to a VIP, a stream profile will only operate against the HTTP payload (not the HTTP headers).  The response doesn't contain a URI exactly.  A 30x redirect could contain a URL with the contextroot.  You could use 'HTTP::header replace Location $new_value' to do this.  Here is an example (Click here).   
    
  How many masked URI's are there?  You could possibly read the masked URIs from the class and build a stream expression for each one, but I could see it being resource intensive if there are more than a few.  Here is a quick example:

when RULE_INIT {  
    
      The prefix to remove  
     set ::uri_prefix "/contextroot"  
    
      A fake datagroup (actually a list) to test with  
     set ::masked_uris [list /uri1 /uri2 /uri3 /uri4]  
    
      Initialize a variable to test with.  
      This would be used to set the stream expression: STREAM::expression $stream_expression  
     set stream_expression ""  
    
      Loop through each element in the "datagroup"  
     foreach uri $::masked_uris {  
    
         Log the current element  
        log local0. "\$uri: $uri"  
    
         Append the current URI to the stream expression  
        set stream_expression "$stream_expression @$::uri_prefix$uri@$uri@"  
    
         Log the current stream expression  
        log local0. "\$stream_expression: $stream_expression"  
     }  
    
      Log the final result for the stream expression  
     log local0. "\$stream_expression: $stream_expression"  
  }

And the log output:  
    
  Rule : $uri: /uri1  
  Rule : $stream_expression:  @/contextroot/uri1@/uri1@  
  Rule : $uri: /uri2  
  Rule : $stream_expression:  @/contextroot/uri1@/uri1@ @/contextroot/uri2@/uri2@  
  Rule : $uri: /uri3  
  Rule : $stream_expression:  @/contextroot/uri1@/uri1@ @/contextroot/uri2@/uri2@ @/contextroot/uri3@/uri3@  
  Rule : $uri: /uri4  
  Rule : $stream_expression:  @/contextroot/uri1@/uri1@ @/contextroot/uri2@/uri2@ @/contextroot/uri3@/uri3@ @/contextroot/uri4@/uri4@  
  Rule : $stream_expression:  @/contextroot/uri1@/uri1@ @/contextroot/uri2@/uri2@ @/contextroot/uri3@/uri3@ @/contextroot/uri4@/uri4@  
    
  Aaron

Forum Discussion

Context Root Masking/URL Rewrite and pool selection

4 Replies

Recent Discussions

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Enabling AVR and creating Profiles

Get associated pool name from VIP IP using F5-LTM

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

Related Content

Masking a URL?

iRule redirect with URL masking and URI rewrite

Masking URL from diferent domains user autentication.

Selective SNAT

URL Browser Mask/Hide with redirect