

Nugeorge_163341
Jul 10, 2014

External access links pointing to internal - Reverse proxy irule help

Hi all

Excuse me as I'm not that skilled with F5 just yet and have been pushed into this project that I need to work on.

Anyway, we are hosting our Magento website internally on site.internal.com/au, which works fine internally for everyone. We have also set up access for this website externally, which I have done successfully with our external domain site.external.com/au. Now the problem is, when external users browse to this page, all links on the page refer to the internal URL, which is site.internal.com/au, and obviously cannot be accessed by external users, thus the site not working anywhere past the first page.

Is there something I can do on the F5 to rectify this?

I have 2 virtual servers set up with 2 iRules, for HTTP and HTTPS. The first one is for users accessing the site from external using HTTP:

    when HTTP_REQUEST {
        # Validate Portal Host Headers
        if { [string tolower [HTTP::host]] eq "store.external.com" } {
            # Redirect Valid Traffic to HTTPS
            HTTP::redirect https://[HTTP::host][HTTP::uri]
        } else {
            # Otherwise Drop
            drop
        }
    }

Then the HTTPS one:

    when HTTP_REQUEST {
        if { [string tolower [HTTP::host]] eq "store.external.com" } {
            if { [HTTP::uri] eq "/au" } {
                HTTP::redirect "https://[HTTP::host]/store/aub2c"
                pool poolname
            } else {
                pool poolname
            }
        }
    }

The above simply points to the true path of the store which is site.internal.com/store/aub2c.

Does this make sense? Thanks in advance.

4 Replies

  • Since it doesn't appear your URI patterns are changing, you should be able to get away with a pretty simple STREAM iRule. Add the built-in STREAM profile to the VIP and modify the HTTPS iRule like this:

    when HTTP_REQUEST {
        if { [string tolower [HTTP::host]] eq "store.external.com" } {
            if { [string tolower [HTTP::uri]] eq "/au" } {
                HTTP::redirect "https://[HTTP::host]/store/aub2c"
            } else {
                HTTP::header remove Accept-Encoding
                STREAM::disable
                pool poolname
            }
        }
    }
    when HTTP_RESPONSE {
        if { [HTTP::header exists Location] } {
            HTTP::header replace Location [string map {"site.internal.com" "site.external.com"} [HTTP::header Location]]
        }
        if { [HTTP::header Content-Type] contains "text" } {
            STREAM::expression {@site.internal.com@site.external.com@}
            STREAM::enable
        }
    }

    The idea here is that, in every response that is text-based, the following things will happen:

    1. If the Location header exists in the response (a redirect), its value will be replaced with the external site name. This is usually the only place that the host name would show up in the HTTP headers of the response.

    2. The STREAM iRule will look for and replace any instance of "site.internal.com" with "site.external.com" in the payload. This would affect any document object references in the HTML content (images, JavaScript, CSS, etc.).

  • Hello

    Thanks for the response, that makes sense!

    I've modified the HTTPS iRule with what you gave me and added the stream profile, however it's still doing the same thing. Do I need to make any changes to the HTTP iRule, or is that simply sending stuff over to HTTPS?

  • The HTTP VIP should just be redirecting all traffic to the HTTPS VIP, so it doesn't need this iRule. The next step probably needs to be a client-side capture (i.e. Fiddler, HTTPWatch, etc.) to see where exactly the requests are breaking. For instance, the redirect and document object references in the responses may also be using http:// instead of https://.
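To make the two rewrite rules from the first reply and the http:// caveat from the reply above concrete, here is an added Python simulation of what the HTTP_REQUEST and HTTP_RESPONSE sides of that iRule do to a single request/response pair. It is not F5 code and not part of this thread; the hostnames are the ones used in the thread, the sample response is constructed, and the "findings" list is an addition that reports what a client-side capture would show.

```python
"""Simulation of the STREAM-profile iRule from the reply above (not F5 code)."""

# Hostnames from the thread; the sample response further down is constructed.
INTERNAL = "site.internal.com"
EXTERNAL = "site.external.com"


def rewrite_request(headers):
    """HTTP_REQUEST side: strip Accept-Encoding so the origin answers
    uncompressed; STREAM can only rewrite a plain-text payload."""
    return {k: v for k, v in headers.items() if k.lower() != "accept-encoding"}


def _get(headers, name):
    """Case-insensitive header lookup, like HTTP::header in an iRule."""
    return next((v for k, v in headers.items() if k.lower() == name), "")


def rewrite_response(headers, body):
    """HTTP_RESPONSE side. Returns (headers, body, findings); the findings
    are the problems a client-side capture (reply three) would reveal."""
    out = dict(headers)
    findings = []
    # Rule 1: a redirect's Location header still names the internal host.
    for k in out:
        if k.lower() == "location":
            out[k] = out[k].replace(INTERNAL, EXTERNAL)
    # Rule 2: STREAM::expression over text payloads (HTML, CSS, JS ...).
    if _get(out, "content-encoding"):
        # The iRule itself does not check this; shown here to explain why
        # Accept-Encoding is removed on the request side.
        findings.append("compressed body: STREAM cannot rewrite gzip/deflate")
    elif "text" in _get(out, "content-type"):
        body = body.replace(INTERNAL.encode(), EXTERNAL.encode())
    # Caveat from reply three: rewritten references that still use http://
    # send the browser back to the plain-HTTP VIP instead of HTTPS.
    plain = "http://" + EXTERNAL
    if plain.encode() in body or plain in _get(out, "location"):
        findings.append("plain http:// reference to " + EXTERNAL)
    return out, body, findings


if __name__ == "__main__":
    # Constructed sample: Magento redirect plus a small HTML body.
    hdrs = {"Location": "https://site.internal.com/store/aub2c",
            "Content-Type": "text/html"}
    html = b'<img src="http://site.internal.com/skin/logo.png">'
    print(rewrite_response(hdrs, html))
```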

  • I got it! My bad, I missed editing 1 little bit of your config, it's working perfectly now.

    Thanks a lot!