
Forum Discussion

vinhng_96559
Oct 03, 2013

Apache virtual hostnames F5 LB

Hi Experts,

 

I have a question regarding Apache virtual hostnames behind F5 LB. We have a 10.2 LTM box.

server1 [x.x.x.x] has multiple proxy servers that go to one leg of the internal app server: web1a.sample.com, web2a.sample.com, web3a.sample.com, etc. (same physical IP, just virtual hostnames).

server2 [y.y.y.y] has multiple proxy servers that go to the other leg of the internal app server: web1b.sample.com, web2b.sample.com, web3b.sample, etc.

All of these web1/2x.sample.com names are DNS CNAMEs of server1 and server2. There is a basic HTTPS LB pool of server1 and server2.

Now, I have a virtual server for each virtual name, for example: web1.sample.com (web1a and web1b), web2.sample.com (web2a and web2b), etc.

The problem is that when I go to web2-n.sample.com, it seems to point to the first virtual name, web1a or web1b, only. Is there anything I need to do to force LTM to route using the virtual name? Virtual names work fine if I go direct to each webX proxy. Thanks much for any suggestion.

 

2 Replies

  • uni
    Apache processes the request based on the contents of the Host header. If it is not sending to the correct virtual host, either Apache is misconfigured or the Host header is not getting to the server. You can easily confirm what is being sent to the server with this command from the LTM bash shell (assuming traffic is plain http): ssldump -nndi0.0 host y.y.y.y | grep 'Host:'
  • BinaryCanary_19
    Historic F5 Account

    The LTM does not manipulate hostnames by default, and will transfer exactly what the client specified in the HTTP request. If you are having an issue, it is most likely because your clients are connecting to (for example) f5virtual.example.com, and your web servers are configured to listen for "web3a.example.com" instead. The servers will most likely return a 404 or the default virtual server.

     

    To fix this, you need to configure your servers to listen for "virtual[x].example.com" where you then have DNS names that translate those to the F5 address; [x] is any number of your choice, and the F5 will pass it on to the backend server unmodified. The backend server will then respond with the virtual server configured for that hostname.

     

    Briefly, your servers should still be configured to listen to those hostnames, but in DNS, the hostnames need to now point to the F5 Virtual server that is load-balancing them.
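
Added example, not part of the original thread or of any F5 or Apache code: a small Python model of Apache name-based virtual host selection that audits which vhost each client-facing Host header would reach, before and after adding the client-facing names to the backend. The config text, the `ServerAlias` fix and the function names are constructed for illustration from the hostnames in the question; the matching is a simplified model (first vhost with a matching name wins, otherwise the first vhost listed is the default).

```python
import fnmatch
import re

# Constructed backend config for server1, using the hostnames from the thread.
BEFORE = """
<VirtualHost *:443>
    ServerName web1a.sample.com
</VirtualHost>
<VirtualHost *:443>
    ServerName web2a.sample.com
</VirtualHost>
"""
# Same config with each client-facing name added as a ServerAlias.
AFTER = re.sub(r"ServerName (web\d)a(\.sample\.com)",
               r"ServerName \g<1>a\g<2>\n    ServerAlias \g<1>\g<2>", BEFORE)

def parse_vhosts(conf):
    """Return, in file order, the ServerName and ServerAlias names of each vhost."""
    vhosts = []
    for block in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        names = re.findall(r"^\s*ServerName\s+(\S+)", block, re.M | re.I)
        for line in re.findall(r"^\s*ServerAlias\s+(.+)$", block, re.M | re.I):
            names += line.split()          # ServerAlias may list several names
        vhosts.append([n.lower() for n in names])
    return vhosts

def select_vhost(vhosts, host_header):
    """Return (ServerName of the vhost that answers, whether the Host matched)."""
    host = host_header.split(":")[0].strip().lower().rstrip(".")  # drop any port
    for names in vhosts:
        # ServerAlias accepts * and ? wildcards, so use glob-style matching.
        if any(fnmatch.fnmatchcase(host, n) for n in names):
            return names[0], True
    return vhosts[0][0], False             # no match: first vhost is the default

def audit(conf, client_hosts):
    """Map each Host header a client would send to the vhost that serves it."""
    vhosts = parse_vhosts(conf)
    return {h: select_vhost(vhosts, h) for h in client_hosts}

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        for host, (served, matched) in audit(conf, ["web1.sample.com", "web2.sample.com"]).items():
            note = "matched" if matched else "FALLBACK to default vhost"
            print(f"{label}: Host {host} -> {served} ({note})")
```

Any hostname reported as a fallback is one the load balancer passes through unchanged but the backend does not recognise, which is the symptom described in the question.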