Forum Discussion

AlexDeMarco's avatar
AlexDeMarco
Icon for Nimbostratus rankNimbostratus
Jan 10, 2013

Proxypass issue

I have the latest proxypass irule configure on my f5, but I cannot get it to do what I want.

 

I want dev.suny.edu to be reverse proxied to myappserver.com:7900/security

 

So my data group is:

 

dev.suny.edu/security := scendawl3.sysadmin.suny.edu7900/security

 

 

Jan 10 08:47:17 local/tmm info tmm[5538]: Rule ProxyPass : VS=HTTP_DEV.SUNY.EDU, Host=dev.suny.edu, URI=/security/welcome.png: 200 response from http_DEV_suny_edu 141.254.104.151 80

 

Jan 10 08:47:17 local/tmm info tmm[5538]: Rule ProxyPass : VS=HTTP_DEV.SUNY.EDU, Host=dev.suny.edu, URI=/security/welcome.png: $stream_expression_cmd: STREAM::expression "@scendawl3.sysadmin.suny.edu:7900@dev.suny.edu/security@", $stream_enable_cmd: STREAM::enable

 

Jan 10 08:47:17 local/tmm info tmm[5538]: Rule ProxyPass : VS=HTTP_DEV.SUNY.EDU, Host=dev.suny.edu, URI=/security/welcome.png: Successfully configured and enabled stream filter

 

Jan 10 08:47:17 local/tmm info tmm[5538]: Rule ProxyPass : VS=HTTP_DEV.SUNY.EDU, Host=dev.suny.edu, URI=/security/welcome.png: Checking Location=, $protocol=

 

Jan 10 08:47:17 local/tmm info tmm[5538]: Rule ProxyPass : VS=HTTP_DEV.SUNY.EDU, Host=dev.suny.edu, URI=/security/welcome.png: Checking Content-Location=, $protocol=

 

Jan 10 08:47:17 local/tmm info tmm[5538]: Rule ProxyPass : VS=HTTP_DEV.SUNY.EDU, Host=dev.suny.edu, URI=/security/welcome.png: Checking URI=, $protocol=

 

Jan 10 08:47:19 local/tmm info tmm[5538]: Rule ProxyPass : VS=HTTP_DEV.SUNY.EDU, Host=dev.suny.edu, URI=/favicon.ico: No rule found, using default pool http_DEV_suny_edu and exiting

 

Jan 10 08:47:19 local/tmm info tmm[5538]: Rule ProxyPass : VS=HTTP_DEV.SUNY.EDU, Host=dev.suny.edu, URI=/favicon.ico: 200 response from http_DEV_suny_edu 141.254.104.151 80

 

Jan 10 08:47:19 local/tmm info tmm[5538]: Rule ProxyPass : VS=HTTP_DEV.SUNY.EDU, Host=dev.suny.edu, URI=/favicon.ico: Rewriting response content enabled, but disabled on this response.

 

 

Basically I end up at the Welcome to IIS7 page.

 

What am I missing?

 

- Alex

 

 

 

application delivery
dev
devops
iRules

4 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jan 10, 2013
    Hi Alex,

     

     

    Do you have a colon in the datagroup's value?

     

     

    dev.suny.edu/security := scendawl3.sysadmin.suny.edu:7900/security

     

     

    Can you show the logs for a client request to dev.suny.edu/security?

     

     

    Thanks, Aaron
  • AlexDeMarco's avatar
    AlexDeMarco
    Icon for Nimbostratus rankNimbostratus
    Jan 10, 2013

    Yes sorry that was typoe in my post.. Yes there is a colon. When you say the logs for dev.suny.edu/security you mean from my IIS server? what is it seeing? So our IIS instances are setup to respond when a specific host header is recieved. So I have a website difined that will only respond with host header of dev.suny.edu. The fact that I get a 404 back says that the f5 is sending the request straight to the ip without the host header value.

     

    - Alex

     

  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Jan 10, 2013
    So the server requires dev.suny.edu as the host header. Is dev.suny.edu what the client is accessing the LTM virtual server with? If so, you shouldn't need to use ProxyPass.

     

     

    Or does the server require scendawl3.sysadmin.suny.edu:7900 as the host header value it receives?

     

     

    Thanks, Aaron

     

     

  • AlexDeMarco's avatar
    AlexDeMarco
    Icon for Nimbostratus rankNimbostratus
    Jan 10, 2013

    the dawl3 box does not care about host header.

     

     

    So this is what I am trying to solve.

     

    On our IIS server where dev.suny.edu is we also have and Oracle 11g Proxy tool that is configured to reverse proxy various contexts /security for example to a back end oracle application server. I really want to take that task away from IIS.

     

    Since dev.suny.edu is a vip/pool on the F5, it would be nice if the F5 could see the /securty request and just do the reverse proxy for me. THe browser client would only ever see dev.suny.edu/security. /security would be fulfillied by the application server (or another F5 vip) . Follow?

     

    - Alex