Forum Discussion
Andrew_Wilson_2
Nimbostratus
Jun 08, 2006
A simple Reverse Proxy iRule
I'm completely new to the iRules and the BigIP in general. Here's what I've done:
I've created 8 nodes in total which specify internal webservers behind the F5 device. I've then created 8 pools to contain the correct webserver. I've then created a new Virtual Server called 'Reverse Proxy' which then has an iRule attached to it (see below).
What I want to do is if a client tries to connect to URL http://webserver1.gov.uk it then looks at the iRule and then forwards it on to the correct pool, etc.
This is the iRule I've written, which doesn't seem to want to play ball:
when HTTP_REQUEST {
    # Tcl requires each elseif on the same line as the preceding closing brace
    if { [HTTP::uri] starts_with "webserver1.gov.uk" } {
        pool webserver1.gov.uk
    } elseif { [HTTP::uri] starts_with "webserver2.gov.uk" } {
        pool webserver2.gov.uk
    } elseif { [HTTP::uri] starts_with "webserver3.gov.uk" } {
        pool webserver4.gov.uk
    } elseif { [HTTP::uri] starts_with "webserver4.gov.uk" } {
        pool webserver4.gov.uk
    } elseif { [HTTP::uri] starts_with "webserver5.gov.uk" } {
        pool webserver5.gov.uk
    } elseif { [HTTP::uri] starts_with "webserver6.gov.uk" } {
        pool webserver6.gov.uk
    } elseif { [HTTP::uri] starts_with "webserver7.gov.uk" } {
        pool webserver7.gov.uk
    } elseif { [HTTP::uri] starts_with "webserver8.gov.uk" } {
        pool webserver8.gov.uk
    }
}
If I do a tcpdump on the external interface I see the traffic coming into the F5 but then get a reset coming back from the VR VIP address. If I do the same tcpdump on the inside interface I don't see anything so the F5 doesn't seem to be forwarding the traffic.
I'd appreciate anyone's help on this.
Andrew
5 Replies
- JRahm
Admin
You are searching for the host, not the URI.
protocol->http://
HTTP::host------>www.yourco.com
HTTP::uri--------------------->/asdjfldjfajd
If you change your HTTP::uri to HTTP::host, that should work for you. There are a great number of threads that will make what you are doing much more efficient; I'd suggest you spend some time browsing the postings to get a feel for the control you have with iRules.
- Andrew_Wilson_2
Nimbostratus
Hi,
Many thanks for your help on this. I've now made the changes to the iRule. Now that I've made the changes to the iRule, when I try to apply these new settings I get the following error:
01070394:3: HTTP::host in rule (reverse-proxy) requires an associated HTTP profile on the virtual server (Reverse_Proxy_VS).
I have the type set to : Performance (http) and the Profile Client set to fasthttp.
Can you give me some pointers please.
Cheers
Andrew
- hoolio
Cirrostratus
Hi Andrew,
The FastHTTP profile limits the HTTP functionality available for the VIP. Specifically, you can't use an iRule that is triggered on the HTTP_REQUEST event.
Take a look at SOL4707 for details on selecting the best set of profiles based on your requirements.
I think you need to use a TCP and HTTP profile in order to apply the layer 7 inspection your rule uses.
Aaron
- hoolio
Cirrostratus
- Andrew_Wilson_2
Nimbostratus
Many thanks for the help on this. I now have it working for http requests. I now need to also provide https access to the same servers but I don't want the F5 to do anything funky with the SSL. They want the SSL Cert to stay on the Servers so all I need is to push the SSL traffic directly through to the servers. The only way I can even see the traffic flow through the F5 is if I set the SSL Profiles for either Client or Server. I then get the pop-up from the F5 (I presume) and then I can see the request go out through the correct interface. If I don't have these set I see nothing going through. Can anyone give me any pointers?
Cheers
Andrew
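
The host-based routing worked out in the replies above, as an added example that is not code from any poster in this thread: it selects the pool from HTTP::host rather than HTTP::uri, normalises the Host header first, and refuses hosts that are not on the list instead of forwarding them. It assumes each pool is named exactly after its hostname (webserver1.gov.uk through webserver8.gov.uk) and that the virtual server has an HTTP profile attached, as the 01070394 error requires.

```tcl
when HTTP_REQUEST {
    # HTTP::host returns the Host header as sent by the client, so it can
    # carry a ":port" suffix and mixed case. Normalise before matching.
    set host [string tolower [getfield [HTTP::host] ":" 1]]

    # The braced switch body is not substituted by Tcl, so [1-8] below is a
    # glob character class, not a command substitution.
    switch -glob -- $host {
        "webserver[1-8].gov.uk" {
            # Assumption: pool names are identical to the hostnames.
            pool $host
        }
        default {
            # Client-supplied Host values that are not on the list never
            # reach an internal server. Log the source for later review.
            log local0. "reverse-proxy: refused Host '$host' from [IP::client_addr]"
            HTTP::respond 404 content "Unknown host"
        }
    }
}
```

Matching against an explicit list before calling pool matters because the Host header is client-controlled: passing it straight to pool would let a request name any pool on the device.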