Forum Discussion

Devlin_T_149357's avatar
Nov 12, 2014

Help with Reverse Proxy iRule

Hello all

I was hoping someone more clever than me can guide and help me. We have a requirement to provide a reverse proxy function for a customer. The way it'll work is like this:

  1. The customer enters a publicly available URL: www.site.com, this gets mapped to a single vIP on the F5
  2. Behind the F5 (internally to the customer network) are 10 servers, each one listening on a different port, so we therefore have 10 pools. Each server has a unique internal only FQDN.
  3. We wish to have all servers reachable from the one public URL and one vIP. We will distinguish between each session based on the client URI.

For example if a user types in http://site.com/app1, we need to map this to the internal server:

I know there is the URI rewrite profile and Local Traffic Policy but we have not got this to work.

Although it's quick and dirty I was hoping initially to use an iRule to achieve what we want. We can then look to refine and make it more elegant at some point in the future. We have implemented the following iRule:

when HTTP_REQUEST { 
if { [HTTP::uri] starts_with "/app1" } {
HTTP::host "appserver1" 
HTTP::uri "/newapp" 
pool 
snatpool 
} 
}

The problem with the iRule above is that images and styles (CSS etc.) do not come through? Any ideas on this one?

Also, we want to expand the above iRule to include the rest of the servers, however, each internal FQDN has a port number in the host name, i.e. "appserver1:8888/newapp2". How does one include this port number into the above iRule. I have tried the following which is not working:

elseif {
[HTTP::uri] starts_with "/app2" } {
HTTP::host "appserver1:8888" 
HTTP::uri "/newapp2"
pool 
snatpool 
}

Apologies if I haven't explained this clearly. Hopefully it does make sense.

Many thanks for your advice.

3 Replies

  • R_Marc's avatar
    R_Marc
    Icon for Nimbostratus rankNimbostratus

    I would start by looking and the HTML source to see the path of those CSS/images and make sure your rules would target those paths. Also, a switch statement would be a lot easier to read and maintain IMNSHO (and it's faster).

    switch -glob [HTTP::uri] {
        "/app1*"  {
                stuff...
         }
         "/app2*" {
                other stuff..
         }
         default {
                some default behavior to catch non-matches
         }
    }
    
  • Thanks R Marc, yes switch statements are on my to-do list.

     

    Can you elaborate any further on the targeting of CSS files etc., with an example? Have you experience such an issue before? Would appreciate a little steer.

     

    Thanks again!

     

  • R_Marc's avatar
    R_Marc
    Icon for Nimbostratus rankNimbostratus

    I have. Some apps put FQDN into their HTML arefs rather than relative links. If they do that (which is bad practice) you would have to rewrite those. It would be better to have the app use relative links, but if they are third party, or you have intellectually challenged developers (surely not) that's not always an option.