Forum Discussion

Jon_14_147267
Sep 26, 2018

URL Rewrite Reverse Proxy

Hello,

 

I'm using the rewrite iRule below to reverse proxy traffic to a server hosted by a third party. This third party hosts a service one of our applications makes a call to.

 

We need to make the service available externally so it can be used by SalesForce, so I created a VIP using an IP address in our external range and worked with the third party to open port 80 in their firewall in order to talk to the server hosting the web service.

 

The rewrite iRule seems to be working, however POST calls made back from the app server seem to be failing with a 400 response.

 

Is there a way to preserve or enforce the rewrite for the calls being made back from the app server?

 

iRule:

when HTTP_REQUEST {
    HTTP::header replace Host [string map {my.externalvip.com thirdparty.webservice.com} [string tolower [HTTP::host]]]
}

 

8 Replies

  • I don't really understand what you want to rewrite. What has to be rewritten when the node sends a POST to the third party? Can you give more explanation of this?

     

    An HTTP code 400 is a Bad Request. This is typically seen when the destination server uses HTTPS, but the client didn't initiate an SSL handshake. There are many more reasons for 400 responses; this was just an example, which may match, because you wrote something about port 80, which is usually HTTP, and I'm pretty sure that Salesforce does not support unencrypted HTTP traffic.

     

  • Hi,

     

    From what I understand, you want to rewrite the response from the server through this VS:

     

    The following codeshare will allow you:

     

    • Rewrites the host header in requests to an internal hostname
    • Rewrites response redirects from the internal hostname to the external hostname
    • Rewrites instances of the internal hostname in response payloads to the external hostname

    https://devcentral.f5.com/codeshare?sid=645

     

    Let me know if you need help implementing this iRule or some explanation.

     

    regards,

     

  • I need to expose an internal web service VIP hosted by another company, which one of our applications has access to call via a tunnel, externally.

     

    So I created an externally facing VIP my.externalvip.com and created an iRule to rewrite this host to the internal web service: thirdparty.webservice.com.

     

    This appears to work but when a POST is made back from the application server, developers are receiving a 400.

     

  • Can you explain in more detail what you mean by "when a POST is made back from the application server"?

     

    From your information I understand the following:

    • Node is an external server, hosted at the customer, reachable via Tunnel
    • Pool is using tcp/80 or tcp/443 to communicate with the node?
    • VS is on the external VLAN of the BIG-IP
    • Virtual Address resolves to another FQDN, than the node itself. So the Host header is different and needs to be rewritten

     

    Please confirm, if my understanding is correct.

     

    However, possibly this is not really the point of your question. You're asking for a POST that is sent by the nodes, correct? This would never hit the BIG-IP, as long as the nodes don't route the traffic to Salesforce through the BIG-IP. Even if they do, they will not be translated to the Virtual Address of your VS, as long as you don't configure static SNAT or NAT. Before describing solutions for this, I would like to know if my understanding is correct, because there are several ways to solve this.

     

  • Hi,

    you are getting error 400 because third party web server is set to use header binding. It expects to receive thirdparty.webservice.com in GET but receives my.externalip.com. Use this iRule to fix the issue:

    when HTTP_REQUEST {
        HTTP::header replace Host "thirdparty.webservice.com"
    }

    • Jon_14_147267

      Thanks.. it's looking like the POST is including a instead of just the URI like the GET. So when the HOST is added on the Post, it seems to be breaking.

       

  • Yes your understanding is correct. Here is a raw request that is being made...

     

    did this POST fail?

    POST http://my.externalvip.com/service1307/Services/SecurityService.svc HTTP/1.1
    Accept-Encoding: gzip,deflate
    Content-Type: application/soap+xml;charset=UTF-8;action="http://thirparty.com/InforteServices1307/ISecurityService/HelloWorld"
    Content-Length: 471
    Host: my.externalvip.com
    Proxy-Connection: Keep-Alive
    User-Agent: Apache-HttpClient/4.1.1 (java 1.5)

     

    This request is failing.
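
The raw POST above uses an absolute-form request target (the full http:// URL on the request line), which a Host-header replacement does not change. The sketch below is an added example, not code from the thread or from F5: a Python model (not an iRule) of normalizing such a request to origin-form before the Host rewrite, accepting only the expected external hostname so the VIP does not relay requests addressed to arbitrary hosts. Hostnames come from the thread; the function names and the sample request are constructed for illustration.

```python
from urllib.parse import urlsplit

EXTERNAL = "my.externalvip.com"         # hostnames as used in the thread
INTERNAL = "thirdparty.webservice.com"

# Constructed sample modelled on the raw POST quoted above (body omitted).
SAMPLE = (
    b"POST http://my.externalvip.com/service1307/Services/SecurityService.svc HTTP/1.1\r\n"
    b"Host: my.externalvip.com\r\n"
    b"Proxy-Connection: Keep-Alive\r\n"
    b"Content-Length: 0\r\n\r\n"
)

def split_head(raw):
    """Return (header lines, blank line + body) of a raw HTTP/1.1 request."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    return head.decode("latin-1").split("\r\n"), sep + body

def join_head(lines, tail):
    return "\r\n".join(lines).encode("latin-1") + tail

def request_line(raw):
    return split_head(raw)[0][0]

def host_only_rewrite(raw):
    """Model of the thread's iRules: replace Host, leave the request line untouched."""
    lines, tail = split_head(raw)
    lines[1:] = [f"Host: {INTERNAL}" if l.lower().startswith("host:") else l
                 for l in lines[1:]]
    return join_head(lines, tail)

def normalize_target(raw):
    """Turn an absolute-form target into origin-form, only for the expected host."""
    lines, tail = split_head(raw)
    method, target, version = lines[0].split(" ", 2)
    if target.lower().startswith(("http://", "https://")):
        parts = urlsplit(target)
        if (parts.hostname or "").lower() != EXTERNAL:
            raise ValueError(f"unexpected authority in request target: {parts.hostname!r}")
        target = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
    lines[0] = f"{method} {target} {version}"
    return join_head(lines, tail)

def rewrite(raw):
    """Normalize the request line first, then apply the Host rewrite."""
    return host_only_rewrite(normalize_target(raw))

if __name__ == "__main__":
    print(request_line(host_only_rewrite(SAMPLE)))  # external name still on the request line
    print(request_line(rewrite(SAMPLE)))            # origin-form path only
```

Whether the absolute-form target is what the third-party server rejects is not confirmed in the thread; the model only shows that the two rewrites produce different request lines.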

     

  • Sorry, for the delay...

     

    So the node (external server) tries to hit your Virtual Server (external VIP) via POST? From my understanding that would be forwarded back to the node itself, resulting in a loop. Additionally you didn't answer all my questions above, which is necessary to get a full understanding of your topology.