MSK_222682
Jul 04, 2016Nimbostratus
Differentiating the connections based on headers || HTTP Profile
Hi,
I have a scenario wherein the app team wants to publish an application both to external and internal (intranet). However, the requirement from them is to check on BIG IP to leverage HTTP profile (or iRule) to segregate between external and internal users.
They want to have something like
http profile = abc.com_external implies external user
http profile = abc.com_internal implies internal user
Now, below is the traffic flow for both scenarios,
External
End user >>> External BIGIP >>> Internal BIGIP >>> Backend Servers
Internal
End user >>>> Internal BIGIP >>> Backend Servers
So, the only difference basically is that for external connections the internal BIGIP would see the source as the external BIGIP. Now, my approach is if we can insert something in the header on external BIGIP and monitor for it on the internal BIGIP then we could differentiate between external and internal users. Internal connections would be parsed as normal. Therefore, at the app level on backend servers they could differentiate between external connections by monitoring the newly added header.
Not sure if this could be achievable but would be great if you could provide some help and thoughts.
Br,
MSK