Forum Discussion

Luis_Pablo_1189's avatar
Luis_Pablo_1189
Icon for Nimbostratus rankNimbostratus
Dec 18, 2013

Pool member FQDN on server side, Virtual server name on client side web browser

Hi everyone! I am having a hard time trying to find/figure-out an iRule that sends the FQDN (http://poolmem1.domain.com) to the selected pool member just on the server side, leaving the Virtual server name on the client side (http://vserver.domain.com). I have tried these iRules:

 

https://devcentral.f5.com/wiki/iRules.rewrite_host_header_to_server_name.ashx

 

https://devcentral.f5.com/questions/append-fqdn-to-https-request

 

But they keep changing the address on the client side web browser to http://poolmem1.domain.com, so the F5 LTM doesn't participate in the LB anymore.

 

The application we are trying to balance is SAP Enterprise Portal, and it needs that the server's FQDN be used when it is accessed so that the SSO feature works.

 

Thanks in advance for your help!

 

Luis Villafuerte from Guatemala

 

9 Replies

  • Hi,

    In your iRule you have to use HTTP_RESPONSE event to match traffic coming from your webserver.

    Your iRule will be like that :

    when HTTP_REQUEST {
        if { [string tolower [HTTP::host]] equals "vserver.domain.com"} {
            HTTP::header replace Host "poolmem1.domain.com"
        }
    }
    when HTTP_RESPONSE {
        if { [string tolower [HTTP::host]] equals "poolmem1.domain.com"} {
            HTTP::header replace Host "vserver.domain.com"
        }
    }
    
    • Luis_Pablo_1189's avatar
      Luis_Pablo_1189
      Icon for Nimbostratus rankNimbostratus
      Hi Thomas, thanks for your answer. I tried to create the iRule, but I got this error: error: /Common/iRule_Portal_SAP_DevCentral1:7: error: [command is not valid in current event context (HTTP_RESPONSE)][HTTP::host] Any clue? Luis
  • Hi,

    In your iRule you have to use HTTP_RESPONSE event to match traffic coming from your webserver.

    Your iRule will be like that :

    when HTTP_REQUEST {
        if { [string tolower [HTTP::host]] equals "vserver.domain.com"} {
            HTTP::header replace Host "poolmem1.domain.com"
        }
    }
    when HTTP_RESPONSE {
        if { [string tolower [HTTP::host]] equals "poolmem1.domain.com"} {
            HTTP::header replace Host "vserver.domain.com"
        }
    }
    
    • Luis_Pablo_1189's avatar
      Luis_Pablo_1189
      Icon for Nimbostratus rankNimbostratus
      Hi Thomas, thanks for your answer. I tried to create the iRule, but I got this error: error: /Common/iRule_Portal_SAP_DevCentral1:7: error: [command is not valid in current event context (HTTP_RESPONSE)][HTTP::host] Any clue? Luis
  • Sorry I made a mistake with my copy/paste...

    This should be better :

    when HTTP_REQUEST {
        if { [string tolower [HTTP::host]] equals "vserver.domain.com"} {
            HTTP::header replace Host "poolmem1.domain.com"
        }
    }
    when HTTP_RESPONSE {
        if { [string tolower [HTTP::header Location]] equals "poolmem1.domain.com"} {
            HTTP::header replace Location "vserver.domain.com"
        }
    }
    
    • Luis_Pablo_1189's avatar
      Luis_Pablo_1189
      Icon for Nimbostratus rankNimbostratus
      Thanks Thomas, but the client's web browser still getting poolmem1.domain.com URL field. I'll do some Wireshark captures to try to figure out what is going on.
  • Sorry I made a mistake with my copy/paste...

    This should be better :

    when HTTP_REQUEST {
        if { [string tolower [HTTP::host]] equals "vserver.domain.com"} {
            HTTP::header replace Host "poolmem1.domain.com"
        }
    }
    when HTTP_RESPONSE {
        if { [string tolower [HTTP::header Location]] equals "poolmem1.domain.com"} {
            HTTP::header replace Location "vserver.domain.com"
        }
    }
    
    • Luis_Pablo_1189's avatar
      Luis_Pablo_1189
      Icon for Nimbostratus rankNimbostratus
      Thanks Thomas, but the client's web browser still getting poolmem1.domain.com URL field. I'll do some Wireshark captures to try to figure out what is going on.
  • The above will replace the Host header on ingress and the Location header on egress (if a redirect). If the client is still getting sent to the internal URL, then it's very likely that the URL is being presented to the client somewhere other than a redirect header. Given that this is SAP, there's a fair chance that JavaScript may be involved, or at the very least document objects (images, CSS, etc.) are referencing the internal URL. The wireshark capture will tell you for sure, and the cure can be as simple as a STREAM profile iRule or as complex as a ProxyPass implementation.