iRule limits path ok, but prevents redirect from occurring

Question

I have 2 VIPs (one internal, another is NATted to a public IP) to access a web site.
The internal VIP is unrestricted, and the public VIP has an irule (below) that limits which paths can be accessed.
(/testpath1) redirects (302) to (/testpath2), but only when the user is NOT logged in.&nbsp;
When I try to access the site internally (/testpath1), all is well, as no restrictions on the internal VIP.
When I try to access the site (/testpath1) from public, I get a 404 error, I am assuming - due to the path restriction. In short, the redirect isn't occurring.
I can access /testpath2 from public just fine.&nbsp;
When I use curl -v to access /testpath1 from public, I see the 404, but no indication of the 302 redirect. &nbsp;
I did verify that there are no other paths that need to be included in the irule.&nbsp;
I'm assuming that the irule is somehow preventing the 302 from getting to the browser, but I'm unsure how to tweak it so that the redirect can occur. I can't just add a redirect to the irule, as this should only occur when the user is not logged in to the site (the redirect is managed by the web site).&nbsp;
Any assistance is appreciated.&nbsp;
iRule:&nbsp;
when HTTP_REQUEST{
switch -glob -- [string tolower [HTTP::host]]{
"site.domain.com"{
    if {  ! ([string tolower [HTTP::path]] starts_with "/testpath1" ||
     [string tolower [HTTP::path]] starts_with "/testpath2") }{
                   reject
                                        }
else { pool /Common/site.domain.com_pool }                                                            &nbsp;
 return                 &nbsp;
}
}}&nbsp;

patrik_jonsson · Answer

Hi!&nbsp;
I don't think the iRule is the culprit. The 404 you see if probably coming from the application server. What happens if you login to one of the members in the pool and try the path locally?&nbsp;
My instinct when reading your description is that the web server might not have listeners pointing to the same application as the internal application does. &nbsp;
For instance if the internal site is "mysite.domain.local" and the external is "mysite.domain.com" the web server might be configured to listen to host headers with mysite.domain.local, but mysite.domain.com is reaching another configured web site (or perhaps the default one).&nbsp;
This should be evident by checking the application logs.&nbsp;
/Patrik&nbsp;

Forum Discussion

iRule limits path ok, but prevents redirect from occurring

1 Reply

Recent Discussions

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

Help with URL Masking

F5 iRule to replace host to path

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries R2600 Tenant sizing

Related Content

Guarding Large Language Models: Advanced Approaches to Preventing Model Theft

Operationlizing Online Fraud Detection, Prevention, and Response

Ansible Error: An exception occurred during task execution

API Security Strategy - Discover and map APIs, block unwanted connection and prevent data leakage

Re: Prevention of OWASP API Security API3:2019 Excessive Data Exposure using F5 XC