Forum Discussion
NimbostratusDoes iRule support any port define for HTTP and HTTPS?
Does iRule support any port define for HTTP and HTTPS? Our organization does not use 80 and 443. F5 version: 12.1.2 Application: PeopleSoft 9.2
Solution from PeopleSoft to capture clients IP Address is below but where do I put this lines of code on the F5 and how does it pick up the port that we define on the F5?
Note: If you are trying to capture the clients IP Address and you use route-domains ensure you adjust the irule of the F5 to ensure you are not sending as part of the WL-Proxy-Client-IP to the weblogic servers. In the documentation above it shows: when HTTP_REQUEST { HTTP::redirect [https://[getfield]https://[getfield [HTTP::host] ":" 1][HTTP::uri] }
You will want to setup the irule like the one below if using route-domains, which strips out the %1.
when HTTP_REQUEST { HTTP::header insert WL-Proxy-Client-IP [getfield [IP::client_addr] "%" 1] }
Which port are you trying to insert into the header? the client port, or the virtual server port?
chicago_330050Users enter http://website.com:18100 but it needs to be redirect to https://website.com:18100
HTTPS:18100 is the setting on F5 login url is https://website.com:18100 web server behinds are listening on http/https 18100/18101
That should not be a problem. on your HTTP vs your irule would be when HTTP_REQUEST { HTTP::redirect "; }
On the HTTPS virtual (once traffic is redirected to it), are you trying to pass the cient IP to the server in a header? If so, the rule you have listed will do that.
when HTTP_REQUEST { HTTP::header insert WL-Proxy-Client-IP [getfield [IP::client_addr] "%" 1] }
- chicago_330050
yes we want to pass Client IP to the server. so the real IP will be captured on the PeopleSoft.
- chicago_330050
HTTP_REQUEST { HTTP::redirect ";; }
HTTP_REQUEST { HTTP::header insert WL-Proxy-Client-IP [getfield [IP::client_addr] "%" 1] }
Do we combine 2 lines of code? Or they are setup on different places?
Are the servers providing the redirect to https://website.com:18100? Or are you wanting to do it on the F5?
If you are doing it on the f5: 1. create your http virtual on port 18100 2. add an irule with "when HTTP_REQUEST { HTTP::redirect "; }" 3. create your https virtual on port 18101
4. add an irule to that virtual with "when HTTP_REQUEST { HTTP::header insert WL-Proxy-Client-IP [getfield [IP::client_addr] "%" 1] }"if the server is providing the redirect to https:://website.com:18100, then we need to do something additional, particularly if the backend https servers are listening on 18101. 1. server sends redirect to https://website.com:18100 2. request is received at F5 on https virtual server. Host header value is website.com:18100. 3. need to rewrite the host name prior to sending to server on backend. So add an irule to https virtual with the following lines:
when HTTP_REQUEST { HTTP::header insert WL-Proxy-Client-IP [getfield [IP::client_addr] "%" 1]} when HTTP_REQUEST_SEND { HTTP::host website.com:18101 }
- chicago_330050
no there's no redirect on the web server behind F5. Yes I would like the F5 to redirect.
I will try your solution and get back to you.
Additionally, modify your redirect rule to not be static
when HTTP_REQUEST { HTTP::redirect "https://[HTTP::host][HTTP::uri]}
- chicago_330050
Does this work for SSL offloading?
Yes. In fact, decrypting the client side is required. Whether or not you reencrypt is just a matter of adding the server ssl profile and making sure you have the correct pool members
