Reverse Proxy setup question

Question

I've tried both the directions for setting up a ReverseProxy and using ProxyPass listed on this site. I have done a comparison to a lot of folks that have asked questions when they had problems.&nbsp;
Our problem is relatively simple, we need to take a URL  and then reverse proxy it to a  ... the critical piece of this is to http to https... due to the way our internal applications work it has to be http client url to an https server url (due to how empowerID works it is https) only.&nbsp;
Any suggestions on how what I may be doing wrong? Right now it doesn't not seem to get to the server we want to it reverse proxy to ... it times out or gives a data not received message. &nbsp;
I've tried the instructions below for setting up a reverse proxy, we are running the 11.6 of the BigIP F5.&nbsp;
https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-implementations-11-4-0/21.html
https://devcentral.f5.com/codeshare/proxypass-v10-v11&nbsp;

brad_parker_139 · Answer

What you want to do is to setup you virtual server on port 80 with a server SSL profile, your pool members on port 443, a HTTP profile, and a rewrite profile.  Then you can use an iRule like this to handle rewriting the https links to http back to the client.
when HTTP_REQUEST {
    HTTP::header insert "SetContextURI" "https://[HTTP::host][HTTP::path]"
    HTTP::path [string map {/123/ /321/} [HTTP::path]]
     Disable the stream filter for all requests
    STREAM::disable
     LTM does not uncompress response content, so if the server has compression enabled
     and it cannot be disabled on the server, we can prevent the server from 
     sending a compressed response by removing the compression offerings from the client
    HTTP::header remove "Accept-Encoding"
}
when HTTP_RESPONSE {
     Replace http:// with https://
    STREAM::expression {@/321/@/123/@}

Enable the stream filter for this response only
    STREAM::enable
}

brad_parker · Answer

What you want to do is to setup you virtual server on port 80 with a server SSL profile, your pool members on port 443, a HTTP profile, and a rewrite profile.  Then you can use an iRule like this to handle rewriting the https links to http back to the client.
when HTTP_REQUEST {
    HTTP::header insert "SetContextURI" "https://[HTTP::host][HTTP::path]"
    HTTP::path [string map {/123/ /321/} [HTTP::path]]
     Disable the stream filter for all requests
    STREAM::disable
     LTM does not uncompress response content, so if the server has compression enabled
     and it cannot be disabled on the server, we can prevent the server from 
     sending a compressed response by removing the compression offerings from the client
    HTTP::header remove "Accept-Encoding"
}
when HTTP_RESPONSE {
     Replace http:// with https://
    STREAM::expression {@/321/@/123/@}

Enable the stream filter for this response only
    STREAM::enable
}

hajar · Answer

Hello,  I am running version 11.6.0.  Today I tried ProxyPass iRule solution provided in https://devcentral.f5.com/codeshare/proxypass-v10-v11.   1- I created a VS called test. 2- I created Data group called ProxyPasstest. for now only entry of string= test.com value= cloud-test.com 3- I cerated irule called ProxyPass and copied entire code without any change, then applied the irule to the VS, test. I was hoping this will point users requesting test.com to cloud-test site but will keep the URL as test.com. I guess I am doing something wrong. It doesn't get to cloud-test at all. I get page not found error.  I can go to cloud-test.com if I have irule redirect, but this is not we want since it changes the URL to cloud-test. Any idea what I have done incorrectly with ProxyPass iRule?

hajar · Answer

Hello,  I am running version 11.6.0.  Today I tried ProxyPass iRule solution provided in https://devcentral.f5.com/codeshare/proxypass-v10-v11.   1- I created a VS called test. 2- I created Data group called ProxyPasstest. for now only entry of string= test.com value= cloud-test.com 3- I cerated irule called ProxyPass and copied entire code without any change, then applied the irule to the VS, test. I was hoping this will point users requesting test.com to cloud-test site but will keep the URL as test.com. I guess I am doing something wrong. It doesn't get to cloud-test at all. I get page not found error.  I can go to cloud-test.com if I have irule redirect, but this is not we want since it changes the URL to cloud-test. Any idea what I have done incorrectly with ProxyPass iRule?

Forum Discussion

Reverse Proxy setup question

4 Replies

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

F5 Reverse Proxy setup

Troubleshooting Lync/Skype for Business Reverse Proxy

F5 SSL Offload behind Nginx Reverse Proxy

Reverse Proxy With Basic SSO

Simple Reverse Proxy with iRules