Forward Original Host Name

Question

We have a site that was accessed via TMG. The host name though is different from the internal site name. In TMG this wasn't an issue as there is an option to "forward the original host header instead of the site name".&nbsp;
So for example in TMG the host name is given as name.company.com but the internal site name is servername.domain.company.com&nbsp;
When browsing the site via TMG the typed in host name remains the same when hitting then site and no translation occurs. Via BIG-IP LTM though the host name is changed to the internal site name in the address bar resulting in certificate errors.&nbsp;
Is there a way in BIG-IP LTM to replicate what TMG was doing previously?&nbsp;

kevin_stewart · Answer

This generally involves replacing the HTTP Host header inbound. That's probably what TMG is doing.
when HTTP_REQUEST {
    HTTP::header replace Host "servername.domain.company.com"
}

brad_parker · Answer

You will probably want to use an iRUle or LTM policy to rewrite the hostname to the back-end server for your internal host header.  i.e
when HTTP_REQUEST {
    if {[HTTP::host] equals "name.company.com"}{
        HTTP::host "servername.domain.company.com"
    }
}

veato · Answer

Unfortunately the public URL (name.company.com) is still be rewritten/redirected to the internal site name (servername.domain.company.com) when using the above as an iRule&nbsp;

kevin_stewart · Answer

If you look at a packet capture on the internal VIP you'll definitely see that the HTTP host header is changing. Despite that there may be other things causing the server to do what it's doing. At a minimum you should perform a client side HTTPwatch or Fiddler capture to see what the server is doing and how the client is reacting, as there a few ways to counteract the various behaviors. For example, if the server is just blindly sending a redirect to itself for a different URI, you can catch that and rewrite it:
when HTTP_RESPONSE {
    if { [HTTP::header exists Location] } {
        HTTP::header replace Location "name.company.com"
    }
}

If the server is sending back an HTML page that has references to DOM objects using the absolute URL it knows (servername.domain.company.com), then you can catch those with a STREAM profile and iRule:
when HTTP_REQUEST {
    HTTP::header remove Accept-Encoding
    STREAM::disable
}
when HTTP_RESPONSE {
    if { [HTTP::header Content-Type] contains "text" } {
        STREAM::expression {@servername.domain.company.com@name.company.com@}
        STREAM::enable
    }
}

In both of these cases you're rewriting the URLs being presented to the client, which is most likely what you'll need if simply rewriting the inbound Host header isn't enough.

Forum Discussion

Forward Original Host Name

4 Replies

Recent Discussions

iRule help masking IBM host URL/URI

Need advise to setup a policy on F5

Advise on setting up IRULE

Help with URL Masking

Import PKCS 12 SSL to Device Certificate via API/Script or CLI on BIG-IP

Related Content

F5 Distributed Cloud Origin Server Subset Rules

Bidirectional Forwarding Detection (BFD) Protocol Cheat Sheet

iRule for multiple host to multiple pools and redirect path on one host.

F5 DNS Forwarding

host header in F5