Trying to configure an irule to rewrite specific headers for external redirection while not affecting headers going to local pool
Currently, i have a configuration where users who access http://www.abc.com go to this port 80 VIP
ltm virtual /Common/www.abc.com {
destination /Common/10.xx.xx.219:80
ip-protocol tcp
mask 255.255.255.255
persist {
/Common/cookie {
default yes
}
}
pool /Common/www.abc.com-web
profiles {
/Common/www.abc.com-Compression { }
/Common/www.abc.com-http { }
/Common/www.abc.com-TCP-Optimized { }
/Common/www.abc.com-stream { }
}
rules {
/Common/www.abc.com-ssl-redirect
}
source 0.0.0.0/0
source-address-translation {
type automap
}
translate-address enabled
translate-port enabled
}
When users try accessing http://www.abc.com/careers/jobs, an irule redirects that URL to https. The rest of the traffic goes to the local pool containing servers listening on port 80.
irule that is applied to the port 80 VIP
ltm rule /Common/www.abc.com-ssl-redirect {
when HTTP_REQUEST {
log local0. "Host: [HTTP::host], URI: [HTTP::uri]"
if { [HTTP::uri] starts_with "/careers/jobs" } {
HTTP::redirect "https://[HTTP::host][HTTP::uri]"
log local0. "20>>URI matched Career Jobs"
} else {
pool www.abc.com-web
log local0. "21>>URI match not found, using default pool"
}
}
}
The user is redirected to the port 443 VIP which is configured for SSL Bridging since the traffic from the F5 to the external site has to be SSL.
Port 443 VIP
ltm virtual /Common/www.abc.com-SSL {
destination /Common/10.xx.xx.219:443
ip-protocol tcp
mask 255.255.255.255
profiles {
/Common/www.abc.com-http { }
/Common/serverssl {
context serverside
}
/Common/stream { }
/Common/tcp-wan-optimized { }
/Common/wildcard {
context clientside
}
}
rules {
/Common/www.abc.com-redirect4
}
source 0.0.0.0/0
source-address-translation {
type automap
}
translate-address enabled
translate-port enabled
}
The irule that is applied to the port 443 VIP
ltm rule /Common/www.abc.com-redirect4 {
when CLIENT_ACCEPTED {
set default_pool [LB::server pool]
}
when HTTP_REQUEST priority 100 {
STREAM::disable
switch -glob [string tolower [HTTP::uri]] {
"/careers/jobs*" {
set path [string map {/careers/jobs* /careers/jobs*} [URI::path [string tolower [HTTP::uri]]]][URI::basename [string tolower [HTTP::uri]]]
set uri $path[URI::basename [HTTP::uri]][URI::query [HTTP::uri]]
HTTP::path $path
set qry_location [string first "?" [HTTP::uri]]
if { $qry_location > 0 } {
set qry [string range [HTTP::uri] $qry_location end]
} else {
set qry ""
}
set uri ${path}/$qry
HTTP::uri $uri
log local0. "10>>being redirected to $path"
}
default {
log local0. "-->[HTTP::uri] $default_pool"
pool $default_pool
return
}
}
HTTP::header replace Host "www.xyz.com"
set host [HTTP::host]
set dest [lindex [RESOLV::lookup @8.8.8.8 -a [HTTP::host]] 0]
if { $dest ne "https://www.xyz.com" } {
node $dest
}
}
when HTTP_RESPONSE {
if [HTTP::header exists Location] {
set location [HTTP::header Location]
set locationrewrite [string map { www.xyz.com www.abc.com } $location]
HTTP::header replace Location $locationrewrite
}
{
STREAM::expression "@www.xyz.com@www.abc.com@"
STREAM::enable
}
log local0. "client [IP::client_addr]:[TCP::client_port] server [IP::remote_addr]:[TCP::release] host $host"
}
when HTTP_REQUEST priority 200 {
log local0. "25>>Outgoing path [HTTP::uri]"
}
}
The local servers have finally been configured to support SSL. When i try adding a pool (containing the servers listening on port 443) to the SSL VIP, the irule tries to rewrite the headers for the local traffic. I just need the traffic that is being redirected to the external site to have the headers rewritten. Also, www.abc.com/careers/jobs/search needs to go to the local pool while www.abc.com/careers/jobs/* (everything else) needs to still redirect to the external site. I need help trying to figure this one out.
Thanks, Joe
