Forum Discussion

Altomani_182839's avatar
Altomani_182839
Icon for Nimbostratus rankNimbostratus
Jan 19, 2015

Reverse Proxy for external address (URL)

Hi!

 

A simple question, but that is tormenting me for a few days.

 

We have a Big-IP LTM (11.4.1), and we want to do reverse proxy for a external address, on the internet, so for example: The client access this address: http://www.site01.com/uri1/uri2 and the Big-IP makes reverse proxy for the address http://www.site02.com/uri1/uri2.

 

All my researches show me that is possible when the servers are inside the infrastructure, but I found nothing when the servers are outside the internal network, like a third party web site.

 

it is possible after all?

 

Tks!!

 

application delivery
availability
BIG-IP Access Policy Manager (APM)
deployment
design
devops
iRules
security

6 Replies

Sort By
  • Matt_Dierick's avatar
    Matt_Dierick
    Icon for Employee rankEmployee
    Jan 19, 2015

    Do you try to make rewriting from internal to external ???

     

    It does not matter if server is inside or outside. The iRule making this change does not care where is the destination IP server address.

     

    You can open server side TCP connection to www.site02.com and rewrite headers with a standard VS.

     

  • cdougall_14195's avatar
    cdougall_14195
    Icon for Cirrus rankCirrus
    Jan 19, 2015

    I would add one piece to Matthieus.

     

    You may want to consider adding a streaming profile as well so that the content of the responces from site2 appear as site1 on the way back to the client. This should stop content from site2 that are referencing images etc from appearing at the client as site2.

     

  • Altomani_182839's avatar
    Altomani_182839
    Icon for Nimbostratus rankNimbostratus
    Jan 19, 2015

    Hi Dierick!

     

    Thanks for the reply.

     

    It is more external to external i think... Here is the (one of them...) code that i have made:

     

    when HTTP_REQUEST { if {([HTTP::host] equals "www.site01.com") and ([HTTP::uri] eq "/uri1/uri2")} { HTTP::header replace Host "www.site02.com" pool POOL_Site_00 } }

     

    This POOl that I made have as unique member, a host with the IP of external webserver. The POOL is avaliable and OK. The port 80 is open, the monitor is ok, but it is still not working.

     

    Is there a pre requisite for the BIG-IP act as a reverse proxy, such as DNS resolution for example?

     

    Tks Again!

     

  • NikhilB's avatar
    NikhilB
    Icon for Employee rankEmployee
    Jan 19, 2015

    If I might add: you can also set the big-ip as an explicit proxy which you can then set the DNS resolution as you mentioned. Typically used for internal clients making connections outbound. This is available post 11.4.x train.

     

  • Altomani_182839's avatar
    Altomani_182839
    Icon for Nimbostratus rankNimbostratus
    Jan 23, 2015

    OK, but it is possible make this configuration? This "external to external" reverse proxy?

     

    We don´t have administration on remote server, in fact, is a URL that anyone can access. So in theory, it´s just rewrite the host and send it to the POOL that have as member, the valid IP of the remote server.

     

    I just need a evidence that it is possible or not. Better than that, if someone could show me a case would be perfect!

     

    thanks in advance!

     

  • Altomani_182839's avatar
    Altomani_182839
    Icon for Nimbostratus rankNimbostratus
    Jul 31, 2015

    Hello everyone!

     

    Just to close this thread. Yes it´s possible to do this configuration, in fact, the way that it have to be done is the way that i was already doing! (put the external address as a member of a POOL, and use a irule, based on a condition in my case, to redirect the traffic to this POOL).

     

    The problem i was facing was firewall rules... (yes, firewall rules...). After configuring the correct rules in the firewall everything worked (and are working until today) just fine!

     

    Tks!