Joseph_Lindsly
May 14, 2014

IRule for reverse proxy with http rewrite

Hi guys,

I need to use F5 like a reverse proxy. My company would like to have clients connect to our company URL and be redirected to an externally hosted website but have the traffic come back through the F5 back to the client. My company wants the redirect to be transparent to the client. Here are some examples of what I need.

company site http://www.opco.com/jobs/apply external site http://newsite.com/apply

company site http://www.opco.com//jobs/apply/resume-thanks external site http://newsite.com/thankyou

company site http://www.opco.com/jobs/privacy external site http://newsite.com/privacy

company site http://www.opco.com/jobs/terms external site http://newsite.com/terms

Any help would be greatly appreciated.

Thanks

7 Replies

  • Well, technically you cannot perform an HTTP redirect and be transparent to the client. The very nature of an HTTP redirect involves the client. To be transparent, perhaps the only way is to (reverse) proxy access to that external site through your F5. You would define that external site as either a node or its own pool. Then you could do something like this:

    when CLIENT_ACCEPTED {
        set default_pool [LB::server pool]
    }
    when HTTP_REQUEST {
        switch [string tolower [HTTP::uri]] {
            "/jobs/apply" {
                HTTP::uri "/apply"
                pool newsite-pool
            }
            "/jobs/apply/resume-thanks" {
                HTTP::uri "/thankyou"
                pool newsite-pool
            }
            "/jobs/privacy" {
                HTTP::uri "/privacy"
                pool newsite-pool
            }
            "/jobs/terms" {
                HTTP::uri "/terms"
                pool newsite-pool
            }
            default {
                pool $default_pool
            }
        }
    }
    

    You'll probably also want to have a OneConnect profile applied to the VIP.

  • In addition, you may also have to replace the host header.

    HTTP::header replace Host newsite.com
    
  • Should I add the Header line at the beginning or end of the other commands?

    It won't matter.

  • My company has modified the request. This is what they want now.

    company site http://www.opco.com/jobs/apply external site http://newsite.com/mobileapply/opco

    company site http://www.opco.com//jobs/apply/resume-thanks external site http://newsite.com/mobilethankyou/opco

    company site http://www.opco.com/jobs/privacy external site http://newsite.com/mobileprivacy/opco

    company site http://www.opco.com/jobs/terms external site http://newsite.com/mobileterms/opco

    I modified the irule from above to this:

    when CLIENT_ACCEPTED {
        set default_pool [LB::server pool]
    }
    when HTTP_REQUEST {
        switch [string tolower [HTTP::uri]] {
            "/jobs/apply" {
                HTTP::uri "/mobileapply/opco/"
                pool cbmserver.com
            }
            "/jobs/apply/resume-thanks" {
                HTTP::uri "/mobilethankyou/opco"
                pool cbmserver.com
            }
            "/jobs/privacy" {
                HTTP::uri "/mobileprivacy/opco"
                pool cbmserver.com
            }
            "/jobs/terms" {
                HTTP::uri "/mobileterms/opco"
                pool cbmserver.com
            }
            default {
                pool $default_pool
            }
        }
    }

    When I test it, the URI changes to mobileapply/opco instead of staying jobs/apply and doesn't open the page.

    When I try to add HTTP::header replace Host newsite.com, I get an error when I click the update button.

  • I think the irule does exactly what they want, but it may have another redirection they do not know about.

    To prove it, the following is my testing. You can see the host header and URI are already changed.

    For further investigation, you may try tcpdump on bigip and an HTTP analyzer tool such as httpfox.

     config
    
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm virtual bar
    ltm virtual bar {
        destination 172.28.24.10:80
        ip-protocol tcp
        mask 255.255.255.255
        pool foo
        profiles {
            http { }
            tcp { }
        }
        rules {
            qux
        }
        source 0.0.0.0/0
        source-address-translation {
            type automap
        }
        vs-index 33
    }
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm pool cbmserver.com
    ltm pool cbmserver.com {
        members {
            200.200.200.111:80 {
                address 200.200.200.111
            }
        }
    }
    root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos) list ltm rule qux
    ltm rule qux {
        when CLIENT_ACCEPTED {
      set default_pool [LB::server pool]
    }
    when HTTP_REQUEST {
      switch [string tolower [HTTP::uri]] {
        "/jobs/apply" {
          HTTP::header replace Host newsite.com
          HTTP::uri "/mobileapply/opco/"
          pool cbmserver.com
        }
        "/jobs/apply/resume-thanks" {
          HTTP::header replace Host newsite.com
          HTTP::uri "/mobilethankyou/opco"
          pool cbmserver.com
        }
        "/jobs/privacy" {
          HTTP::header replace Host newsite.com
          HTTP::uri "/mobileprivacy/opco"
          pool cbmserver.com
        }
        "/jobs/terms" {
          HTTP::header replace Host newsite.com
          HTTP::uri "/mobileterms/opco"
          pool cbmserver.com
        }
        default {
          pool $default_pool
        }
      }
    }
    }
    
     trace
    
    [root@ve11a:Active:In Sync] config  ssldump -Aed -nni 0.0 port 80
    New TCP connection 1: 172.28.24.1(42623) <-> 172.28.24.10(80)
    1401198587.8124 (0.0029)  C>S
    ---------------------------------------------------------------
    HEAD /jobs/apply HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Accept: */*
    Host: www.opco.com
    
    ---------------------------------------------------------------
    
    New TCP connection 2: 200.200.200.14(42623) <-> 200.200.200.111(80)
    1401198587.8137 (0.0010)  C>S
    ---------------------------------------------------------------
    HEAD /mobileapply/opco/ HTTP/1.1
    User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
    Accept: */*
    Host: newsite.com
    
    ---------------------------------------------------------------
    
  • When I type in my test URL, it is switching to the external address in the address bar.

    I type: 
    
    http://www.opco.com/jobs/apply
    
    The address bar switches to
    
    http://www.newsite.com/mobileapply/opco
    

    Here is the latest update:

    The company wants the user to type:

    http://www.opco.com/jobs/apply?postingid=1235213&vendorid=2214&return=https://m.xxxxx.com/Job-Search-Results.aspx?countryName=All&state=0&domain=&keyword=java
    

    it should forward to:

    http://www.newsite.com/mobileapply/opco?postingid=1235213&vendorid=2214&return=https://m.xxxxx.com/Job-Search-Results.aspx?countryName=All&state=0&domain=&keyword=java
    

    The user never sees the new site address in the address bar.

    This is the current irule that I have.

    when CLIENT_ACCEPTED {
        set default_pool [LB::server pool]
    }
    when HTTP_REQUEST {
        switch [string tolower [HTTP::uri]] {
            "/jobs/apply" {
                HTTP::uri "/mobileapply/opco"
                pool newsite.com
            }
            "/jobs/apply/resume-thanks" {
                HTTP::uri "/mobileapply/opco/thankyou"
                pool newsite.com
            }
            "/jobs/privacy" {
                HTTP::uri "/mobileapply/opco/privacy"
                pool newsite.com
            }
            "/jobs/terms" {
                HTTP::uri "/mobileapply/opco/terms"
                pool newsite.com
            }
            default {
                pool $default_pool
            }
        }
    }
    

    Also, if the user just types in http://www.opco.com it should go to our default pool called opco_pool. When I tried to add that to the rule, it kept failing. Should I put the default pool name in this line:

    set default_pool [LB::opco_pool]
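
An added example, not code from any poster in this thread, that combines the points raised above: matching on the path so a query string is carried through, replacing the Host header, keeping the virtual server's default pool, and rewriting redirects from the external site so its hostname does not reach the browser. The pool name `newsite-pool`, and the assumption that the external site redirects to `www.newsite.com` URLs under the paths from the last post, are assumptions.

```tcl
# Added example. Assumed names: pool "newsite-pool" (members = the external
# site) and the public/external hostnames used in the thread.
when CLIENT_ACCEPTED {
    # The pool already assigned to the virtual server (for example opco_pool).
    # LB::opco_pool is not an iRule command; to name the pool explicitly
    # instead, use: set default_pool opco_pool
    set default_pool [LB::server pool]
}
when HTTP_REQUEST {
    # HTTP::path excludes the query string, so "?postingid=..." cannot
    # defeat the exact match the way it does with HTTP::uri.
    set new_path ""
    switch -- [string tolower [HTTP::path]] {
        "/jobs/apply"               { set new_path "/mobileapply/opco" }
        "/jobs/apply/resume-thanks" { set new_path "/mobileapply/opco/thankyou" }
        "/jobs/privacy"             { set new_path "/mobileapply/opco/privacy" }
        "/jobs/terms"               { set new_path "/mobileapply/opco/terms" }
    }
    if { $new_path ne "" } {
        # Setting HTTP::path leaves the client's query string in place.
        HTTP::path $new_path
        HTTP::header replace Host "newsite.com"
        pool newsite-pool
    } else {
        pool $default_pool
    }
}
when HTTP_RESPONSE {
    # A redirect from the external site carries its own hostname; if it
    # reaches the browser unchanged, the address bar shows the external site.
    if { $new_path ne "" && [HTTP::is_redirect] } {
        set loc [HTTP::header value Location]
        log local0. "external redirect for $new_path: $loc"
        # Translate known external URLs back to public ones. Longest keys
        # first: string map uses the first key that matches at a position.
        HTTP::header replace Location [string map -nocase {
            "//www.newsite.com/mobileapply/opco/thankyou" "//www.opco.com/jobs/apply/resume-thanks"
            "//www.newsite.com/mobileapply/opco/privacy"  "//www.opco.com/jobs/privacy"
            "//www.newsite.com/mobileapply/opco/terms"    "//www.opco.com/jobs/terms"
            "//www.newsite.com/mobileapply/opco"          "//www.opco.com/jobs/apply"
        } $loc]
    }
}
```

Relative `Location` values and absolute links inside the response body are not touched by this rule; the log line shows what the external site actually sends.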