Forum Discussion

Phil_Boorman_70's avatar
Phil_Boorman_70
Icon for Nimbostratus rankNimbostratus
Nov 28, 2016

Issue with Internal Application through F5 LTM

Hi All

Wondering if anyone could help a puzzling situation we have.

Client has an application they want to publish externally through the F5. One back end server which host the application, and the application is basically multiple portals for different customers to log on and retrieve various data. Application sits on an internal host and responds perfectly internally. The issue is that externally we require the domain to be applied to the requests but the server responds with its host name without the domain.

i.e

Application accessed internally and Application accessed internally needs to be https://appcust1.customer.co.uk https://appcust2.customer.co.uk

This iRule appeared to be the resolution for several people on this site :

=================================== when HTTP_REQUEST { tell server not to compress response HTTP::header remove Accept-Encoding

     disable STREAM for request flow
    STREAM::disable
}
when HTTP_RESPONSE {
     catch and replace redirect headers
    if { [HTTP::header exists Location] } {
        HTTP::header replace Location [string map {"https://appcust1" "https://appcust1.customer.co.uk" "https://appcust2" "https://appcust2.customer.co.uk"} [HTTP::header Location]]
    }

     only look at text data
    if { [HTTP::header Content-Type] contains "text" } {

         create a STREAM expression to replace any http:// with https://
        STREAM::expression {@appcust1@appcust1.customer.co.uk@ @appcust2@appcust2.customer.co.uk@}

         enable STREAM
        STREAM::enable
    }
}

This would allow us to log on to the Appcust1 application but Appcust2 was broken and kept referencing appcust1 objects or just the server address. coupled with a Rewrite profile we could logon to both applications but when navigating around we would be returned to the logon screen.

With the rewrite profile on the VIP, we can comment out the Header replacement part of the irule and we can still log on and the page display correctly, until we try to navigate to another part of the site.

Basically i know this is a bit vague but wanted to know if we are doing this right, with the rewrite profile on its own the application doesn't load the CSS properly and the page looks weird, the iRule on its own doesn't allow multiple applications to work over the same VIP, but together they are 90% with functionality issues. I'm sure i'm missing something, going native to the application and selecting the navigation bars just gets 200OK on all objects, but via the F5 iRule/rewrite profile combination i can see 302 redirects popping in and then it drops to login page.

Any help or questions to clarify would be greatly appreciated.

Regards

Phil

4 Replies

  • It sounds as if the server on the backend isn't referencing relative paths. Is that something that can be changed?

     

  • Unfortunately there is a cost involved to change anything on the application side hence why the F5 is trying to act as an intermediary to transcribe the internal host names to externally reachable names.

     

  • Hi Phil, did you solved that?

     

    I would do it a bit differently and I think in your example, you forgot to rewrite the host back in the request. Make it sense to you?

     

    Respectfully