Mar 06, 2019

reverse-proxy irule not triggering

I currently have an irule that was created by the irule ondemand team at F5 that is working for one of my OPCOs (Operating Companies). A second OPCO is requesting the same reverse proxy setup for their website. Since the request is the same (with different URIs and destination URLs), i thought i could use the below irule as a template and just modify parts of the irule and the data group.

when RULE_INIT {
   Set to 1 to enable logging, 0 to disable
  set static::debug 0
   Set to Site URL
  set static::vs_host_opco_prod "www.opco.com"
}

when CLIENT_ACCEPTED {
   Store the default pool name 
  set default_pool [LB::server pool]
}

when HTTP_REQUEST {
  set uri_lower [string tolower [HTTP::uri]]
  if { [class match $uri_lower starts_with folder_check] } {
    if { [string first "/" [string range $uri_lower [expr {[string first "/" [string range $uri_lower 2 end]] + 3}] end]] > 0 } {
      set str_end [expr {[string first "/" [string range $uri_lower [expr {[string first "/" [string range $uri_lower 2 end]] + 3}] end]] + 6}]
    } else {
      set str_end "end"
    }
  } else {
    if { [string first "/" [string range $uri_lower 2 end]] > 0 } {
      set str_end [expr {[string first "/" [string range $uri_lower 2 end]] + 1}]
    } else {
      set str_end "end"
    }
  }
  set folder [string range $uri_lower 1 $str_end]
  if { $static::debug > 0 } { log local0. "URI: [HTTP::uri] - Found folder $folder" }
  if { [class match -- $folder starts_with rewrite_folders] } {
    set url_rewrite 1
    set rewrite_host [class match -value $folder starts_with rewrite_folders ]
    HTTP::header replace Host $rewrite_host
    if { $static::debug > 0 } { log local0. "client [IP::client_addr]:[TCP::client_port] server [IP::remote_addr]:[TCP::release] host [HTTP::host]" }
    if { $static::debug > 0 } { log local0. "URI: [HTTP::uri]" }
    set dest [lindex [RESOLV::lookup @208.67.222.222 -a [HTTP::host]] 0]
    if { $dest ne "https://$rewrite_host" } {
         SSL::enable clientside
      if { $static::debug > 0 } { log local0. "Destination IP is $dest" }
      node $dest
    }
  } else {
    set url_rewrite 0
    if { $static::debug > 0 } { log local0. "-->[HTTP::uri] $default_pool" }
    pool $default_pool
  }
}

when HTTP_RESPONSE {
     if { $url_rewrite > 0 } {
     if {[HTTP::header exists Location]} {
    set protocol [string range [HTTP::header Location] 0 [string first ":" [HTTP::header Location]]]
    set locationrewrite "$protocol//$static::vs_host_opco_prod[string range [HTTP::header Location] [expr {[string first "/" [string range [HTTP::header Location] 9 end]] + 9}] end]"
    if { $static::debug > 0 } { log local0. "HTTP Location Before: [HTTP::header Location]" }
    if { $static::debug > 0 } { log local0. "Updated Version: $locationrewrite" }
    HTTP::header replace Location $locationrewrite
  } 

  STREAM::expression "@$rewrite_host@$static::vs_host_opco_prod@"
  STREAM::enable
}
}

ltm data-group internal folder_check {
    records {
        /en- { }
        /zh- { }
    }
    type string
}

ltm data-group internal rewrite_folders {
    records {
        en-gb/account {
            data jobs.opco.co.uk
        }
        en-gb/feed {
            data jobs.opco.co.uk
        }
        en-gb/jobdetails {
            data jobs.opco.co.uk
        }
        en-gb/search {
            data jobs.opco.co.uk
        }
        jobs {
            data opco.abc.com
        }
    }
    type string
}

For the new OPCO request, i changed the set static:: entry and the datagroups, but it is not working. All traffic is being sent to the server pool. This is what i see in the logs:

Mar  6 13:30:55 RP-F5-LTM2 info tmm6[14982]: Rule /Common/opco-redirect-new : URI: /en-au/about/join-our-team/internal-careers - Found folder en-au
Mar  6 13:30:55 RP-F5-LTM2 info tmm6[14982]: Rule /Common/opco-redirect-new : -->/en-au/about/join-our-team/internal-careers /Common/serverpool

Below is the new datagroup:

ltm data-group internal folder_check_newopco {
    records {
        /en- { }
        /zh- { }
    }
    type string
}

ltm data-group internal rewrite_folders_newopco {
    records {
        careers/jobs {
            data newopco-preprod.xyz.com
        }
        en-au/about/join-our-team/internal-careers {
            data newopco-internal-jobs-fgh.com
        }
    }
    type string
}

Like I mentioned at the beginning, this irule was created by F5's ondemand team so I don't understand all of the coding. I am not sure if I need to tweak any numbers since the new datagroup has a longer URI the one that is working. I just don't know what needs to be tweaked to support the new request.

Any help would be greatly appreciated.

Thanks

application delivery

iRules

LTM

Forum Discussion

reverse-proxy irule not triggering

Recent Discussions

BIG-IP DNS: Check Status Of Multiple Monitors Against Pool Member

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

Related Content

F5 Reverse Proxy setup

Simple Reverse Proxy with iRules

Troubleshooting Lync/Skype for Business Reverse Proxy

Setup a Reverse Proxy that redirects to internal port

Reverse Proxy With Basic SSO