Forum Discussion

Parveez_70209's avatar
Parveez_70209
Icon for Nimbostratus rankNimbostratus
Apr 11, 2016

Issue with VIP

Hi Team,

 

I am having a very simple requirement where:

 

  1. Frontend URL is: https://wsgwtest.test.no:2443/Test/ElsmartElwinWS/ while the Internet application URL is: http://bizref4.test.no/Net.InstallationRegister/

What will be the steps I need to focus on:

 

  1. Do, I need to consider Port 2443 also while configuration ? Because into the Frontend, I am creating HTTP and HTTPS VIP, HTTP-VIP is just for redirection from HTTP and HTTPS.

2.How I will do this rewrite as Frontend request URI is not similar to the backend application sever URI ?

 

  1. Thirdly I need to restrict the URL from only specific sources 3.3.3.3 and 3.3.3.4 in F5 LTM only plus only user: 'test' can only access https://wsgwtest.test.no:2443/Test/ElsmartElwinWS/, but no other users, kindly guide into the same.

Regards PZ

 

application delivery
iRules
LTM
security

6 Replies

Sort By
  • Parveez_70209's avatar
    Parveez_70209
    Icon for Nimbostratus rankNimbostratus
    Apr 11, 2016
    please read as *Internal application URL is: http://bizref4.test.no/Net.InstallationRegister/
  • Snl's avatar
    Snl
    Icon for Cirrostratus rankCirrostratus
    Apr 12, 2016
    you can do this by doing ssl offloading and applying couple of irules to the virtual server
  • Amy_123193's avatar
    Amy_123193
    Historic F5 Account
    Apr 12, 2016

    SSL must be terminated at the BIG-IP for this to work, and you should consider using a Rewrite profile to change the URI in-flight - it works similarly to the Apache ProxyPass feature.

     

    • Parveez_70209's avatar
      Parveez_70209
      Icon for Nimbostratus rankNimbostratus
      Apr 12, 2016
      Sorry it was not very clear.. I mean: 1. For VIP: Do I need to create HTTPS:SSL VIP with port 2443 ? 2. Rewrite Profile part I understood. 3. Thirdly I need to restrict the URL from only specific sources 3.3.3.3 and 3.3.3.4 in F5 LTM only plus only user: 'test' can only access https://wsgwtest.test.no:2443/Test/ElsmartElwinWS/, but no other users, kindly guide into the same ?
  • awilhelm's avatar
    awilhelm
    Icon for Employee rankEmployee
    Apr 12, 2016

    SSL must be terminated at the BIG-IP for this to work, and you should consider using a Rewrite profile to change the URI in-flight - it works similarly to the Apache ProxyPass feature.

     

    • Parveez_70209's avatar
      Parveez_70209
      Icon for Nimbostratus rankNimbostratus
      Apr 12, 2016
      Sorry it was not very clear.. I mean: 1. For VIP: Do I need to create HTTPS:SSL VIP with port 2443 ? 2. Rewrite Profile part I understood. 3. Thirdly I need to restrict the URL from only specific sources 3.3.3.3 and 3.3.3.4 in F5 LTM only plus only user: 'test' can only access https://wsgwtest.test.no:2443/Test/ElsmartElwinWS/, but no other users, kindly guide into the same ?