For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Vishakh_Krishna's avatar
Vishakh_Krishna
Icon for Nimbostratus rankNimbostratus
Nov 03, 2015

Do not want to rewrite Virtual Server's URL to the pool nodes URL

Dear Team,

 

Request if you can provide a solution for the below scenario:

 

We have created a Virtual Server with SSL offloading and can be accessed over the url http://star-dev.domain.ae.

 

Pool node member can also be accessible via the URL

 

However when user tries to access the Virtual server with the URL It gets redirected to the URL of the Pool node member Our requirement is that it should not be redirected to the pool member URL. It should be accessible with only the virtual server's URL.

 

Is there anything that we can do on the virtual server configuration or is that something to be done on the application residing on the physical server ? Kindly help in providing input for my above requirement.

 

Thanks, Vish

 

application delivery
LTM

2 Replies

  • DevBabu's avatar
    DevBabu
    Icon for Cirrus rankCirrus
    Nov 03, 2015
    1. Could you please post your virtual server an pool member configuration along with iRules if configured.
    2. Who is sending the redirection link (
    3. You have mentioned SSL offload on LTM and accessing the site usin "http://" do you have VIRTUAL SERVER for both http and https traffic (i.e. port 80 and port 443) and are you redirecting http traffic to https virtual server ?
  • Henrik_Gyllkran's avatar
    Henrik_Gyllkran
    Icon for Nimbostratus rankNimbostratus
    Nov 03, 2015

    In some applications there is the possibility of making it aware that they reside behind an ADC or proxy and you can specify the external URL so that the application generates the URL:s according to that. That is probably the preferred option if that is possible. However, if there is no such setting in the application it can always be solved by having the BIG-IP rewriting the application data before sending it out to the client. The easiest choice here is the stream profile. With the help of that you can have the BIG-IP rewrite all occurrences of to http://star-dev.domain.ae. It's pretty neat:

     

    https://support.f5.com/kb/en-us/solutions/public/8000/100/sol8115.html

     

    In case you have multiple strings to rewrite, say for instance that you have and so on that all should be rewritten to you need to combine the stream profile with an iRule that matches multiple strings in the data streams:

     

    https://support.f5.com/kb/en-us/solutions/public/7000/000/sol7027.html

     

    Finally, I would recommend in case you make use of the stream profile that you also enable a compression profile on your virtual server, because if the server responds with compressed data the stream profile will not be able to match the strings. Having the BIG-IP performing http compression on behalf of the server prevents the server from compressing the data and thus avoids that problem.